2006-03-06

Evil Memo: Passwords and Filenames

To: All Staff
From: The Evil System Administrator

Re: Password and Filename Security

Hi Everyone:

First of all, thanks everyone for using the new central document repository. It makes it much easier to back up and protect key documents than when the files are scattered across all our machines.

One thing: although the permissions system of the Central Document Repository (CD-R) is effective at keeping users from seeing sensitive documents, it would help if certain parties would refrain from saving documents in the top-level directory with names like 'Central reactor core diagrams and weakness summary' or 'Plan for world domination part 5 - achilles heels'. Such filenames just beg for prying eyes. All such documents are now located in /recipes/baking/fruitcake where they will hopefully remain ignored. While I am not in charge of physical document security, I would also recommend that said individuals stop leaving such documents just lying around on their desks when out of the office.

On to passwords: I know some of you were intimidated by the policy regarding instant death for anyone caught writing their password down on a post-it note under their desk, and I do appreciate that everyone has now set a password on their login account, but we need to cover how to produce strong passwords.

You need to make sure the password is not a dictionary word. I recently did a check of passwords and found passwords such as evil, malevolent, doom, and torture in use. Folks, these can be guessed far too easily.

Passwords should ideally be a combination of letters and numbers. Numbers should be non-sequential and 12345 is *not* an effective password as I am sure we all learned from the incident where the main blast door was opened by invaders last week. Ideally we want mixed-case letters, numbers and symbols.

Here's a suggestion: use a mnemonic -- think of a phrase, then take the first letter from each word, substitute numbers where possible, and keep the punctuation. For example:

I love to torture, maim and destroy!

becomes

Il2t,mad!

See? That is a nice strong password that you will always remember because it is also a favorite phrase.

Finally, I have talked to management and we are appending the death for post-it passwords policy with a death for weak passwords policy, so please change your passwords ASAP.

Regards,
The Evil SysAdmin

1 Comment:

Blogger westyx said...

12345? That's the combination on my luggage!

8:53 PM, March 22, 2006  
