[Discuss] deadmanish login?

[gmongardi at napc.com (Grant NAPC)]

On 01/31/2017 07:54 AM, Kent Borg wrote:
> On 01/30/2017 08:46 PM, Dan Ritter wrote:
>> First off, you should be using ssh keys and not passwords.
>
> No, you should be using passwords not keys. (In most cases.)
>
> Protect your password, don't give it to anyone, don't recycle it on
> different sites. A good password can be easy to remember and easy to
> type. As bad as manually typed passwords are the sparkly alternatives
> are almost always worse.

I agree with Kent, although I do believe you should rotate your password 
at some reasonable interval. We do enforce password rotation and a mix 
of alphanumeric/symbols at my company. Password length needs to be 
paramount also. I've practiced and recommended using actual sentences as 
opposed to passwords 
(http://blog.napc.com/password-performance-that-isn-t-a-compromise). If 
your systems are limiting you to 8 characters then you really need to 
update those systems because passwords probably aren't the only part of 
those that are insecure. Most modern systems will support at least 32 
character passwords so having any password less than 10 characters is 
something I would strongly recommend against. Typing "B at con is g00d." is 
really no more difficult than typing "Meg at s0nic" and extends the 
likelihood of compromise from months to centuries. Mind you, a good 
password is only one small part of a solution (sudo, named-accounts, 
audit logs, lockout timers, etc.), but it's definitely your first-line 
of defense.

Grant M.
-- 
Grant Mongardi
Senior Systems Engineer
NAPC

gmongardi at napc.com
http://www.napc.com/
twitter: @Grantonator
LinkedIn: http://www.linkedin.com/pub/grant-mongardi/19/34/182/
781.894.3114 phone
781.894.3997 fax

NAPC | technology matters