Hints for Protecting Passwords
Both system administrators and users share responsibility for enforcing password security. Remember, password
security is everyone's responsibility. In addition to damaging your own files, someone who uses your password to
break into a system can also compromise all of the files in your system or network.
From the USENET: "A password should be like a toothbrush. Use it every day; change it regularly; and DON'T share it with friends."
• Don't allow any logins without passwords. If you're the system administrator, make sure every account
has a password.
• Don't keep passwords that may have come with your system. Change all test or guest passwords
(for example, root, system, test, demo, etc.) before allowing users to log in.
• Don't ever let anyone use your password.
• Don't write your password down–particularly on your terminal, computer, or anywhere around your desk.
If you ever do write your password down, don't identify it as a password and don't write the phone number
of the computer on the same piece of paper.
• Don't type a password while anyone is watching.
• Don't record your password online or send it anywhere via electronic mail. In The Cuckoo's Egg,
Cliff Stoll reports how his intruder scanned electronic mail messages for references to the word "password."
• Don't make a bad situation worse. If you do share your password–deliberately or inadvertently–change it
immediately (or ask your administrator to change it).
• Don't keep the same password indefinitely. Even if your password hasn't been compromised, change it on
a regular basis.
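
For the administrator's side of the first and last hints (no accounts without passwords, no passwords kept indefinitely), the check can be scripted. This is an added example, not part of the original text; it assumes the Linux shadow(5) file format, uses a constructed sample file, and the 90-day limit is an illustrative policy value.

```python
import time

# Constructed sample in shadow(5) format: name:hash:lastchange:min:max:warn:...
SAMPLE_SHADOW = """\
root:$6$constructed$hashvalue:19700:0:99999:7:::
guest::19000:0:99999:7:::
demo:$6$constructed$hashvalue:15000:0:99999:7:::
alice:$6$constructed$hashvalue:19690:0:99999:7:::
daemon:*:19000:0:99999:7:::
bob:$6$constructed$hashvalue:0:0:99999:7:::
"""

MAX_AGE_DAYS = 90  # assumed policy; the page only says "on a regular basis"


def audit_shadow(text, today_days, max_age=MAX_AGE_DAYS):
    """Return accounts with no password and accounts with a stale password."""
    findings = {"no_password": [], "stale": []}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 3:
            continue  # malformed entry, skip it
        name, pw, last_change = fields[0], fields[1], fields[2]
        if pw == "":
            # Empty second field: the account needs no password at all.
            findings["no_password"].append(name)
            continue
        if pw.startswith(("*", "!")):
            continue  # locked or non-login account, no password to age
        # lastchange is days since 1970-01-01; empty means aging is off and
        # 0 means "must change at next login", so neither counts as stale.
        if last_change.isdigit() and int(last_change) > 0:
            if today_days - int(last_change) > max_age:
                findings["stale"].append(name)
    return findings


if __name__ == "__main__":
    today = int(time.time() // 86400)
    print(audit_shadow(SAMPLE_SHADOW, today))
```

On a real system the same function can be given the contents of /etc/shadow, which is readable only by root.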