Password systems - Re: Forgot root

["Jim Armstrong" <jim_a technologist com>]

Having had to deal with passworded systems for as long as I have, I've
observed the following:

One of the biggest security risks in any system is the expiring (USER)
password... Some guy thought about five minutes before passing this off as
the most secure method... Any time you install a totally new system, some
wet-eared admin will set it up: password must be changed, password expires
every n days.
  And the USER.. having better things to do, and having to react quickly,
will come up with some lame combination that he KNOWs he wont be able to
remember.. thus writes it down and sticks the slip of paper under his
deskmat.

In the systems that I've set up from scratch, I always use "password never
expires" then append onto the typical "user password methodology doc" a note
on how to establish a password generation process in your own head.

For a permanent password.. such as you would use as root, pick a key word
from your (relatively) distant past.. such as an odd or nonsensical, but
memorable to you, nickname that your parents gave your brother in infancy
that is no longer used and seldom referred to even in family get-togethers.

For changing passwords spend a little thinking time and create a word or
numeric progression system that is easily remembered and which is not
apparent from your background or easily deduced..

Reuse the same user password or password system as much as possible so that
you remember them easily and never have to write them down.
DONT use encrypted password logging tools unless you are SURE of their
security.

Never use your key password (like root) for mail, app. locking or
Workstation logons

Delete any password files before handing off pc's or systems to another
admin

Jim A





-----Original Message-----
From: Manuel Antonio Camacho Quesada <beirtep sol racsa co cr>