From tolson Mon Oct 31 16:11:28 1994 Received: from nova.npac.syr.edu by spica.npac.syr.edu (4.1/I-1.98K) id AA13687; Mon, 31 Oct 94 16:10:51 EST Message-Id: <9410312110.AA05646@nova.npac.syr.edu> Received: from localhost.syr.edu by nova.npac.syr.edu (4.1/N-0.12) id AA05646; Mon, 31 Oct 94 16:10:49 EST To: rjdodd, rmehlman, rmsouthw, rn, robinson, roman, roth, roy, roysam, rsadve, rsantore, rshankar, rushton, rwanders, ryadav, sakyokus, saleh, salexand, salma, saltz, sbae, scarp, sccsrepo, schoy, schwab, sdb, seablom, sean, seema, setia, sevilgen, sfischer, sgnarend, sgoil, shartley, shiva, shko, sibert, sjpratt, smarcink, smc, socrates, sonnet1, sonnet2, sonnet3, sorkin, srcadm, ssarathy, stabler, stadel Subject: Please change your password Date: Mon, 31 Oct 94 16:10:48 EST From: tolson Status: R Hi NPAC systems have been broken into. This means that someone out there probably has the password to your account. For the future security of the NPAC systems we request that you change your passwd immediately. Please follow the guidelines below. To change your password used the command "passwd" The NPAC SYSTEMS GROUP Todd Olson (315)443-5804 Guidelines for choosing a good password Passwords you shouldn't use When selecting a password, you should not use anything that might be meaningful to anyone other than you. For example, your password should not be any of the following: + an English word + a word in another language (even a language such as Chinese, which is not normally written using the Roman alphabet) + a name (including names of sports teams, people, places, and fictional characters or places from mythology, literature, movies, cartoons, etc.) + a word spelled backwards + a word with punctuation or a number after it (or before it) + a capitalized word + a word repeated twice + ANY OTHER clever permutation of a word (e.g. replacing particular letters with numbers, or using a possessive form or a misspelling) + a common phrase (such as ``good job'' or ``beam me up'' or ``take it easy'') + a predictable character sequence (such as ``qwerty'' or ``abcdefg'' or ``aaaa''') + a number + personal information (including your birthday, your initials, your login, or your spouse's name) + a common abbreviation or mnemonic + a license plate + a phone number All of these are likely to appear in on-line dictionaries and word lists. It's not difficult for someone trying to break your password to do a ``brute force'' search by trying every available word and phrase until a match is found. Passwords you should use The best passwords are easy to remember, but look ``random'' and have no chance of appearing in any sort of dictionary or word list. Here are two suggestions for constructing a good password: + Use the first letters of the words in a sentence; for example, the first letters of the first few words in this sentence might become ``UtfLotW.'' This sort of password is easy to remember since it is meaningful to the person who thought of it, but very difficult for anyone else to guess since it is essentially a random string of upper- and lower-case letters. As long as the sentence is not a common phrase or quote (such as a line from a song or poem or book, or a common say- ing) it is very unlikely to appear in a word list. + Pairs of short, UNRELATED words (not phrases) with numbers or punctuation thrown in (such as ``Stay%Them'') can also make very good, difficult-to- break passwords. Note, however, that the system recognizes only the first 8 characters of your pass- word; this means that ``Citizen&flight'' would NOT be a good choice since the system would truncate it to ``Citizen&'' (a simple variation on a single word). Of course, you should come up with a password on your own - you should NOT borrow one of the above examples!