[BlueOnyx:02365] Re: Password based on dictionary word
Michael Stauber
mstauber at blueonyx.it
Sat Sep 12 20:02:00 -05 2009
Hi Paul,
> Is there any way to disable this check at all in BO?
No, sorry. That's not possible.
> I can use varying
> passwords for users that are not based on dictionary words, however
> because they have a dictionary word contained within (even though secure
> because they contain upper and lower case with numbers) they are not
> accepted.
Even if you obscure dictionary words through capitalization and by replacing
characters like A with 4 or I with 1 ... hackers use the same tricks when
brute force password guessing. So the net result is: Cracklib still considers
this a weak password.
Best advice there is: Pick a different password with more "randomness".
Something that works quite well: Pick a sentence that's easy to memorize. Then
use a certain character of each word in that sentence as a character in your
password. First character for example - to make it easy. If the sentence
doesn't contain anything that can be transformed into numbers (for = 4, one =
1, etc.), then "pad" the password with a set of numbers like the last four
digits of a phone number from a person that you associate with the sentence -
just as an example.
Example sentence: The quick brown fox jumps over the lazy dog's back.
Example password: Tqbfjotldb.8264
That password by itself is almost impossible to remember. But remembering the
"helper" sentence and keeping in mind where the numbers come from makes it
easy.
--
With best regards
Michael Stauber
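
Added example, not part of the original message and not cracklib's actual rule set: a simplified Python sketch of why a dictionary word disguised with capitals and digit substitutions is still found, and how the sentence method from the message avoids it. The word list, the substitution table and the function names are assumptions made for this illustration.

```python
# Simplified illustration of a dictionary check that sees through
# capitalization and character substitution. Not cracklib's algorithm.

# Constructed sample word list; a real check uses a full dictionary.
WORDS = {"password", "summer", "dragon", "monkey", "welcome"}

# Assumed substitution table: disguise character -> letter it stands for.
UNDO_SUBSTITUTIONS = str.maketrans({
    "4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
    "0": "o", "5": "s", "$": "s", "7": "t",
})


def normalize(password):
    """Lowercase the password and reverse the common substitutions."""
    return password.lower().translate(UNDO_SUBSTITUTIONS)


def embedded_words(password, words=WORDS):
    """Return the dictionary words still visible after normalization."""
    norm = normalize(password)
    return sorted(w for w in words if w in norm)


def mnemonic(sentence, pad=""):
    """Build a password from the first character of each word.

    Trailing sentence punctuation is kept as a separator before the
    numeric pad, as in the example from the message.
    """
    initials = "".join(word[0] for word in sentence.split())
    tail = sentence[-1] if sentence[-1] in ".!?" else ""
    return initials + tail + pad


if __name__ == "__main__":
    # Constructed candidates: two disguised dictionary words, then the
    # sentence-derived password from the message.
    sentence = "The quick brown fox jumps over the lazy dog's back."
    candidates = ["P4ssw0rd2009", "Summ3r!Dr4g0n", mnemonic(sentence, "8264")]
    for pw in candidates:
        found = embedded_words(pw)
        verdict = "rejected, contains " + ", ".join(found) if found else "accepted"
        print(f"{pw:18} {verdict}")
```
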