[CentOS] Another Fedora decision
Valeri Galtsev
galtsev at kicp.uchicago.edu
Mon Feb 2 23:45:17 UTC 2015
On Mon, February 2, 2015 5:26 pm, Les Mikesell wrote:
> On Mon, Feb 2, 2015 at 4:17 PM, Warren Young <wyml at etr-usa.com> wrote:
>>>
>> Let's flip it around: what's your justification *for* weak
>> passwords?
>>
> You don't need to write them down. Or trust some 3rd party password
> keeper to keep them. Whereas when 'not weak' is determined by
> someone else in the middle of trying to complete something, you are
> very likely to have to write it down.
>
Whereas I agree with you... Well, I tell my users when they set a password
after I have created an account for them: the most important thing is that you
can memorize and type your password. I myself, however, use a rather strong
password (knocking on wood), and was never bugged by a "weak password"
warning. Being a sysadmin, and "paranoia" is in a sysadmin's job description,
I tend to have all passwords different; neither my regular user nor
root passwords ideally should ever repeat anywhere, even on different
machines I administer. So I imminently am using encrypted password
storage. These days it is keepassx.
Just my $0.02
Valeri
PS I don't like, though, policies invented by bureaucrats having no
technical knowledge, serving only to cover their backsides, like in
National Laboratories they require one to change password every 6 months,
and password should never be anything you used in the past. This doesn't
serve security, and is counter-productive. This policy for me indicates
that they declare explicitly that they maintain security of their systems
not too well, as a result of which your password likely can get
compromised...
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++