  1. #1

    Password guidance

    Hi all,

    I was wondering what you would think of this password guidance, found on the Wokingham All in One e-Safety policy:

    o Choose a word which has o and i in and substitute 0 (zero) and 1, e.g. sn0wt1me.
    o Use the initial letters of a familiar phrase, song title etc. and substitute as above.
    o Use a text message abbreviation, e.g. CUL8R

  2. #2


    There's a relevant XKCD (there's always a relevant XKCD) about passwords, but can't get on it at work.
    People are being conditioned to pick passwords that are hard for humans to remember, but easy for computers to guess. Longer passwords would be more secure than bogus complexity.

  3. Thanks to Garacesh from:

    SimonWindisch (9th November 2012)

  4. #3


  5. #4
    Disaster's Avatar
    I just use cat. or dog.

  6. #5


    I'm tending to use expressions, e.g. One&Two=3

    Edit: Doh! I'm going to have to change all my passwords now.

  7. #6


    Line 01 makes me think the author is woefully uninformed, out of date with common password cracking techniques and has no business providing IT guidance to anyone.
    Line 02, while not particularly great, will generate memorable passwords that will at least be better than the ones created by 01 and 03.
    Line 03 suffers from the same problem Line 01 does.

    More interesting is this:

    • The ‘Administrator’ passwords for the school ICT system, used by the ICT Technician/Network Manager are also available to the ICT Subject Leader and must be stored securely in school.
    Implies singular passwords, non-emergency use as commonplace and left with someone who does not need and should not have that level of access unless they regularly perform a role that requires it. Emergency sysadmin-hit-by-a-bus passwords should be stored sealed in the school safe and made available to SLT (who may then choose to delegate tasks to competent staff). A Head of IT (unless they're ye olde Swiss-Army HeadOfIT/Technician/CanYouMendTheKettleToo) doesn't need that access to perform their role and (IMO) should be actively refusing it from a self-preservation perspective.

  8. Thanks to pete from:

    SimonWindisch (9th November 2012)
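
The objection to guidance lines 01 and 03 can be checked from the defender's side when a password is set. The following is an added example, not part of any post in this thread: a deny-list check that undoes look-alike substitutions before lookup and compares the guessing work a substitution adds with that of a random passphrase. The word list, function names and the 2048-word list size are assumptions made for illustration.

```python
import math
import re

# Look-alike characters mapped back to letters. The quoted guidance uses the
# first two (0 for o, 1 for i); the rest are other common swaps.
LEET = str.maketrans("01345@$", "oieasas")

# Constructed sample deny-list. A real one would hold a full dictionary,
# breached-password lists and local terms (school name, pets, spouses).
SAMPLE_WORDS = ["snowtime", "password", "welcome", "cul8r", "rover"]

def normalise(pw):
    """Lower-case and undo look-alike substitutions."""
    return pw.lower().translate(LEET)

DENY = {normalise(w) for w in SAMPLE_WORDS}

def reject_reason(pw, min_len=10):
    """Return why a candidate password is refused, or None if it passes."""
    if len(pw) < min_len:
        return "too short"
    # Test the whole string and the string minus a trailing digit/symbol run,
    # so both 'sn0wt1me' style and 'Name2012' style passwords are caught.
    stripped = re.sub(r"[\d\W_]+$", "", pw)
    for candidate in (normalise(pw), normalise(stripped)):
        if candidate in DENY:
            return "deny-listed word: " + candidate
    return None

def substitution_bits(word, letters="oi"):
    """Bits of guessing work added by optionally swapping each listed letter."""
    return sum(word.count(c) for c in letters)  # log2(2**k) == k

def passphrase_bits(words, list_size):
    """Bits for `words` words drawn uniformly at random from `list_size`."""
    return words * math.log2(list_size)

if __name__ == "__main__":
    for pw in ["sn0wt1me", "CUL8R", "Rover2012", "maple-kettle-orbit-tram"]:
        print(pw, "->", reject_reason(pw, min_len=5))
    print(substitution_bits("snowtime"), "bits vs", passphrase_bits(4, 2048))
```
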

  9. #7
    Gibbo's Avatar

  10. #8
    enjay's Avatar
    Originally posted by Garacesh:
        People are being conditioned to pick passwords that are hard for humans to remember, but easy for computers to guess.
    I am not sure that is such a problem. Realistically, I don't think that the risk to our network security comes from someone running password crackers or brute force attacks on our remote logon system; I think the risks faced in schools are students trying to log in as teachers. Therefore as long as you have a policy which prevents staff members using %Spouse'sName%1, %Dog'sName%2012 etc, you've covered the main threat.

    Imposing a minimum length of 8-10 characters will help prevent shoulder surfing, and requiring capital letters somewhere (ideally not the first character!) helps ensure that even if you know the base word, (i.e. my cat's name) you still can't log in as me.

  11. #9

    DaveP's Avatar
    On the subject of secure password generation have a look at this website:

    Link: Your PasswordCard - 85,358 printed so far!

  12. #10

    sippo's Avatar
    I like that dog poster. Are there any freebie posters out there I can put up?

  13. #11

    DaveP's Avatar
    Originally posted by sippo:
        I like that dog poster. Are there any freebie posters out there I can put up?
    Have a look at this thread from a while ago:

    Link: password change reminder pictures

  14. #12

    Jawloms's Avatar
    Originally posted by SimonWindisch:
        Hi all,

        I was wondering what you would think of this password guidance, found on the Wokingham All in One e-Safety policy
    I'd be interested to know how many people in Wokingham have the password of "sn0wt1me".

  15. Thanks to Jawloms from:

    sidewinder (12th November 2012)

  16. #13

    Oaktech's Avatar
    We have the xkcd cartoon blown up to A3 on our wall... The kids don't get it, but we now have maths teachers and A-level students trying to make difficult-to-guess passwords. The current winner is one that has defeated ophcrack; the student won't tell us what it was!

  17. #14


    Originally posted by Jawloms:
        I'd be interested to know how many people in Wokingham have the password of "sn0wt1me".
    I suspect at least one in each location that received that document. Expanding your dictionary to passwords that riff off the same theme (snowtime/winter) would probably yield further results.

    It's just as well we don't use our powers for evil or my end-users would have funded my Volcano Lair of Doom multiple times over.

  18. #15

    elsiegee40's Avatar
    Originally posted by Jawloms:
        I'd be interested to know how many people in Wokingham have the password of "sn0wt1me".
    There's probably a fair number in Kent with 10gBhatW or J1C,gitm! after my training sessions

    See attachment:
    Password guidance-password-creation.pdf
