On Friday 31 March 2006 19:42, John Summerfield wrote: >Craig White wrote: >> it's actually the fault of the admins who don't use any password >> checking mechanisms, but I suppose that it's more feasible to blame >> stupid users...of course, I would never do such a thing ;-) > >There is quite a deal of well-reasoned debate about what constitutes a >good password. > >First, one needs to be able to remember it without writing it down. > This meets Windows AD complexity requirements, > >10:72:94:e5:64:d5:68:51:d1:55:c0:2b:e5:4e:7f:fa > >but I defy anyone to remember it any time soon! > >"bismcoles" would probably be easy for Bill Smith to remember, and > would certainly defy any dictionary attack. As would > "bluewatermelon." > >The expect package has a password generator that creates passwords > like this, but again they're hard to remember: "et3tUfGd." > > >A reasonable security system would shut down the login process for a >time after some number of consecutive failed login attempts. It's a > rule that's been around for a long time, it's even in Linux, but > implemented poorly. And how does one go about turning that option on, with say a 15 minute timeout? -- Cheers, Gene People having trouble with vz bouncing email to me should add the word 'online' between the 'verizon', and the dot which bypasses vz's stupid bounce rules. I do use spamassassin too. :-) Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2006 by Maurice Eugene Heskett, all rights reserved.