[CentOS] Another Fedora decision

Mon Feb 2 23:45:17 UTC 2015
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Mon, February 2, 2015 5:26 pm, Les Mikesell wrote:
> On Mon, Feb 2, 2015 at 4:17 PM, Warren Young <wyml at etr-usa.com> wrote:
>>>
>> Let’s flip it around: what’s your justification *for* weak
>> passwords?
>>
> You don't need to write them down.  Or trust some 3rd party password
> keeper to keep them.    Whereas when 'not weak' is determined by
> someone else in the middle of trying to complete something, you are
> very likely to have to write it down.
>

Whereas I agree with you... Well, I tell my users when they set a password
after I have created an account for them: the most important thing is that
you can memorize and type your password. I myself, however, use a rather
strong password (knocking on wood), and was never bugged by a "weak
password" warning. Being a sysadmin, and "paranoia" is in a sysadmin's job
description, I tend to have all passwords different; none of my regular
user or root passwords ideally should ever repeat anywhere, even on
different machines I administer. So I imminently am using encrypted
password storage. These days it is keepassx.

Just my $0.02

Valeri

PS I don't like, though, policies invented by bureaucrats having no
technical knowledge, serving only to cover their backsides, like in
National Laboratories, where they require one to change one's password
every 6 months, and the password should never be anything you used in the
past. This doesn't serve security, and is counter-productive. This policy
for me indicates that they declare explicitly that they maintain security
of their systems not too well, as a result of which your password likely
can get compromised...

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++