North American Network Operators Group

Re: Re: external access and passwd mgmt (was Re: SSH on Cisco ...)

  • From: Shawn McMahon
  • Date: Mon May 01 17:24:30 2000

A lengthy discussion of why wouldn't be on topic here in NANOG, but it's a
basic principle of computer security that if your password is so long that
you must write it down to remember it, it is by definition too long.

It is better to have a less-"secure" password that is not written down
anywhere.

If you must write a password down somewhere, it should be in a safe-deposit
box that nobody has access to, so that it can only be recovered after your
death.

If you must write a password down electronically, it should be encrypted,
which makes it no better than the password of the encrypted database, so
passwords should just plain flat never be so long that you have to write
them down.

The Gnu Keyring exists so that:

1) We can keep track of more passwords as securely as possible.

2) We can keep track of too-long passwords assigned to us by well-meaning
folks.

3) We can keep track of long non-password numbers without having to haul
around dangerous things like credit cards.  :-)


If you worked for me, I'd ask you to destroy that piece of paper and not do
it again.


On Mon, 1 May 2000, Bennett Todd wrote:
> 
> I recommend instead picking an _exceptionally_ strong,
> computer-generated random password for the keyring itself, and
> writing it down on a slip of paper in your wallet until you've used
> it enough times to memorize it.