  1. #1

    Password guidance

    Hi all,

    I was wondering what you would think of this password guidance, found on the Wokingham All in One e-Safety policy:

    o Choose a word which has o and i in and substitute 0 (zero) and 1, e.g. sn0wt1me.
    o Use the initial letters of a familiar phrase, song title etc. and substitute as above.
    o Use a text message abbreviation, e.g. CUL8R

  2. #2


    There's a relevant XKCD (there's always a relevant XKCD) about passwords, but can't get on it at work.
    People are being conditioned to pick passwords that are hard for humans to remember, but easy for computers to guess. Longer passwords would be more secure than bogus complexity.

  3. Thanks to Garacesh from:

    SimonWindisch (9th November 2012)

  4. #3


  5. #4
    Disaster's Avatar
    I just use cat. or dog.

  6. #5


    I'm tending to use expressions eg. One&Two=3

    Edit: Doh! I'm going to have to change all my passwords now.

  7. #6


    Line 01 makes me think the author is woefully uninformed, out of date with common password cracking techniques and has no business providing IT guidance to anyone.
    Line 02, while not particularly great, will generate memorable passwords that will at least be better than the ones created by 01 and 03.
    Line 03 suffers from the same problem Line 01 does.

    More interesting is this:

    • The ‘Administrator’ passwords for the school ICT system, used by the ICT Technician/Network Manager are also available to the ICT Subject Leader and must be stored securely in school.
    Implies singular passwords, non-emergency use as commonplace and left with someone who does not need and should not have that level of access unless they regularly perform a role that requires it. Emergency sysadmin-hit-by-a-bus passwords should be stored sealed in the school safe and made available to SLT (who may then choose to delegate tasks to competent staff). A Head of IT (unless they're ye olde Swiss-Army HeadOfIT/Technician/CanYouMendTheKettleToo) doesn't need that access to perform their role and (IMO) should be actively refusing it from a self-preservation perspective.

  8. Thanks to pete from:

    SimonWindisch (9th November 2012)

  9. #7
    Gibbo's Avatar

  10. #8
    enjay's Avatar
    Quote, originally posted by Garacesh:
    People are being conditioned to pick passwords that are hard for humans to remember, but easy for computers to guess.
    I am not sure that is such a problem. Realistically, I don't think that the risk to our network security comes from someone running password crackers or brute force attacks on our remote logon system; I think the risks faced in schools are students trying to log in as teachers. Therefore as long as you have a policy which prevents staff members using %Spouse'sName%1, %Dog'sName%2012 etc, you've covered the main threat.

    Imposing a minimum length of 8-10 characters will help prevent shoulder surfing, and requiring capital letters somewhere (ideally not the first character!) helps ensure that even if you know the base word, (i.e. my cat's name) you still can't log in as me.
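
Added example, not part of any post in this thread: a password-acceptance check of the kind posts #6 and #8 point towards, which undoes look-alike substitutions and trailing digits before comparing against a word list, so that sn0wt1me is treated as snowtime and %Dog'sName%2012 as the dog's name. The word lists, the function names, the pet name "Rex" and the 10-character minimum are assumptions made for the illustration.

```python
import re

# Constructed stand-ins for a real dictionary and deny-list (assumptions).
COMMON_WORDS = {"snowtime", "password", "winter", "welcome"}
# Examples printed in a guidance document are known to every reader of it.
PUBLISHED_EXAMPLES = {"sn0wt1me", "cul8r"}
# Look-alike substitutions mapped back to the letters they stand for.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def normalised_forms(password):
    """Return the de-substituted forms of a password, with and without
    a trailing run of digits/symbols such as '1', '2012' or '!'."""
    lowered = password.lower()
    stripped = re.sub(r"[\d\W_]+$", "", lowered)
    return {lowered.translate(LEET), stripped.translate(LEET)}


def check_password(password, personal_words=(), min_length=10):
    """Return the reasons to reject a password; an empty list means accept."""
    reasons = []
    forms = normalised_forms(password)
    if len(password) < min_length:
        reasons.append("too short")
    if password.lower() in PUBLISHED_EXAMPLES:
        reasons.append("published example")
    if forms & COMMON_WORDS:
        reasons.append("dictionary word after normalisation")
    if forms & {w.lower() for w in personal_words}:
        reasons.append("personal word plus suffix")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs; "Rex" is a hypothetical pet name.
    for pw, personal in [("sn0wt1me", []), ("CUL8R", []),
                         ("Rex2012", ["Rex"]), ("Passw0rd1!", []),
                         ("purple kettle seven clouds", [])]:
        print(repr(pw), check_password(pw, personal) or "accepted")
```

A mixed-case, digit-and-symbol password such as Passw0rd1! passes a length-and-complexity rule yet is still rejected here, while a long lower-case phrase is accepted.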

  11. #9

    DaveP's Avatar
    On the subject of secure password generation have a look at this website:

    Link: Your PasswordCard - 85,358 printed so far!

  12. #10
    sippo's Avatar
    I like that dog poster. Are there any freebie posters out there I can put up?

  13. #11

    DaveP's Avatar
    Quote, originally posted by sippo:
    I like that dog poster. Are there any freebie posters out there I can put up?
    Have a look at this thread from a while ago:

    Link: password change reminder pictures

  14. #12

    Jawloms's Avatar
    Quote, originally posted by SimonWindisch:
    Hi all,

    I was wondering what you would think of this password guidance, found on the Wokingham All in One e-Safety policy
    I'd be interested to know how many people in Wokingham have the password of "sn0wt1me".

  15. Thanks to Jawloms from:

    sidewinder (12th November 2012)

  16. #13

    Oaktech's Avatar
    We have the xkcd cartoon blown up to A3 on our wall... The kids don't get it, but we now have maths teachers and A-level students trying to make difficult to guess passwords. The current winner is one that has defeated ophcrack, the student won't tell us what it was!

  17. #14


    Quote, originally posted by Jawloms:
    I'd be interested to know how many people in Wokingham have the password of "sn0wt1me".
    I suspect at least one in each location that received that document. Expanding your dictionary to passwords that riff off the same theme (snowtime/winter) would probably yield further results.

    It's just as well we don't use our powers for evil or my end-users would have funded my Volcano Lair of Doom multiple times over.

  18. #15

    elsiegee40's Avatar
    Quote, originally posted by Jawloms:
    I'd be interested to know how many people in Wokingham have the password of "sn0wt1me".
    There's probably a fair number in Kent with 10gBhatW or J1C,gitm! after my training sessions

    See attachment: Password guidance-password-creation.pdf
