Sunday, October 25, 2009

Password Smarts

Like every UNIX user, you should have a password. You can get along without a password only under these circumstances:




  • You keep the computer in a locked, windowless room to which you have the only key, and it’s not connected to any network.




  • You don’t mind whether unruly 14-year-olds borrow your account and randomly insert dirty knock-knock jokes in the report you’re supposed to give to your boss tomorrow.




The choice of your password deserves some thought. You want something easy for you to remember but difficult for other people to guess. Here are some bad choices for passwords: single letters or digits, your name, the name of your spouse or significant other, your kid's name, your cat's name, or anything fewer than eight characters. (Bad guys can try every possible seven-letter password in less than a day, and that estimate only gets shorter as hardware gets faster.)


Good choices include such things as your college roommate's name misspelled and backward. Throw in a digit or two or some punctuation, and capitalize a few letters to add confusion, so that you end up with something like yeLLas12. Another good idea is to use a pair of words, like fat;Head. Treat eight characters as the floor rather than the target; every extra character multiplies the work a guesser has to do.


You can change your password whenever you’re logged in, by using the passwd program. It asks you to enter your old password to prove that you’re still who you are when you logged in (computers are notoriously skeptical). Then the passwd program asks you to enter your new password twice, to make sure that you type it, if not correctly, at least consistently. None of the three passwords you type appears on-screen, of course. We show you how to run the passwd program in Chapter 2.


Some system administrators do something called password aging; this strategy makes you change your password every once in a while. Some administrators put rules in the passwd program that try to enforce which passwords are permissible, and some even assign passwords chosen randomly. The latter idea is terrible, because the only way most people can remember a password they didn't choose is to write it on a sticky note and stick it on the terminal, which defeats the purpose of having a password at all.


In any event, be sure that no one other than you knows your password. Change your password whenever you think that someone else may know it. Because UNIX stores passwords only as a one-way hash (a scrambled form that can be checked against what you type but not reversed), even the system administrator can't find out what yours is. If you forget your password, the administrator can give you a new one, but she can't tell you what your old one was.



Technical Stuff: If you really want to be paranoid about passwords, don't use one that appears in any dictionary. Some system breakers may decide to use the UNIX password-hashing routine to hash every last word in a dictionary and then compare each hashed word against your stored password hash; a match tells them your password. It's another thing to keep you awake at night.
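The two points above, that the system keeps only a one-way hash of your password and that an attacker with that hash can try a whole dictionary against it, fit in one added example. This is illustration code written for this page, not the real UNIX crypt routine or any password-file format: a salted PBKDF2 hash stands in for crypt(3), the iteration count is this example's choice, and the word list is a constructed stand-in for a dictionary file.

```python
import hashlib
import hmac
import os

# Work factor for the stand-in hash. Real systems set this in the crypt(3)
# settings string; the number here is this example's own choice.
ITERATIONS = 20_000

# Constructed word list standing in for a dictionary file; not data from the page.
WORDLIST = ["secret", "welcome", "dragon", "monkey", "password", "letmein"]


def store_password(password, salt=None):
    """Produce the record a password file keeps: a random salt and the
    one-way hash of the password under that salt. The cleartext is not
    stored anywhere, so nobody, administrator included, can read it back."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def check_password(candidate, record):
    """What login and passwd do with the password you type: re-hash it
    with the stored salt and compare against the stored digest."""
    salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 bytes.fromhex(salt_hex), ITERATIONS)
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))


def dictionary_attack(record, wordlist=WORDLIST):
    """The attack in the 'Technical Stuff' note: hash each dictionary word
    (and a few cheap variants) under the record's own salt and look for a
    match. Returns the recovered password, or None if nothing in the
    dictionary produced that hash."""
    for word in wordlist:
        for guess in (word, word.capitalize(), word + "1", word[::-1]):
            if check_password(guess, record):
                return guess
    return None


if __name__ == "__main__":
    weak = store_password("Dragon")
    strong = store_password("yeLLas12")
    print("stored record:", weak)
    print("old password accepted:", check_password("Dragon", weak))
    print("weak password recovered:", dictionary_attack(weak))
    print("strong password recovered:", dictionary_attack(strong))
```

Two things are worth noticing when you run it. The stored record never contains the password, so the administrator's only option really is to replace it. And the attack needs nothing clever: it simply runs the same hash the system runs, once per dictionary word, which is why a password that is in the dictionary is found in a handful of tries while one that is not stays safe against this particular attack.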