Mac Os X 10.4 Tiger (Visual Quickstart Guides)

Unix Passwords & Security

You may think, "I don't care if someone reads my mail" or "I don't store important files in my directory, so who needs a good password?"

This is exactly what crackers count on. Many times, these crackers don't want to read your mail or erase your files; they want to install their own programs that take up your computer time and Internet bandwidth. They steal resources from you and slow down your computer and Internet response time. They also install Trojan horse programs that allow them to break into your computer at a future date. These Trojan horses are designed to look and act exactly like other normal programs you expect to see on the machine.

When a cracker breaks into your computer system, your only course of action is to take the machine off the network and rebuild the operating system from scratch. It's virtually impossible to detect Trojan horses, which is why you must rebuild your system. The rebuild process can take days, and you lose communication during that time. Scared? Good. Your first line of defense is to use good passwords.

The object when choosing a password is to pick one that is easy for you to remember but difficult for someone else to guess. This leaves the cracker no alternative but a brute-force search, trying every possible combination of letters, numbers, and punctuation. A search of this sort, even conducted on a machine that could try one million passwords per second (most machines can try fewer than one hundred per second), would require, on average, over one hundred years to complete. With this as your goal, here are some guidelines you should follow for password selection.

Dos

  • Do use a password with nonalphabetic characters: digits or punctuation mixed into the middle of the password. For example, ronh3;cat.

  • Do use a password that contains mixed-case letters, such as ROnHCAt.

  • Do pick a password that is easy to remember, so you don't have to write it down. (And never write it on a sticky note and stick it on your monitor.)

  • Do use a password that you can quickly type, without having to look at the keyboard. This makes it harder for someone watching over your shoulder to steal your password. If someone is watching, ask them to turn their head.

Don'ts

  • Don't use your login name in any form: for example, as it is, reversed, capitalized, or doubled.

  • Don't use your first name, last name, or initials in any form.

  • Don't use your spouse's, child's, or pet's name.

  • Don't use other information that is easily obtained about you. This includes license plate numbers, addresses, telephone numbers, social security numbers, the brand of your automobile, and the name of the street you live on.

  • Don't use a password that consists of all digits or all the same letter. This significantly decreases the search time for a cracker.

  • Don't use a word contained in dictionaries (either English or foreign language), spelling lists, or other lists of words (for example, the Star Trek series, movie titles, Shakespeare plays, cartoon characters, Monty Python episodes, the Hitchhiker's Guide series, myths or legends, place names, sports words, and colleges). These are all part of the standard dictionaries that come with cracking software, and the crackers can always add their own dictionaries.

  • Don't use a word simply prefixed or suffixed with a number or a punctuation mark.

  • Don't substitute a zero for the letter O or substitute a numeral one for the letter L or I.

  • Don't use a password shorter than six characters.
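The Dos and Don'ts above, written out as a checker that reports which rules a candidate password breaks or satisfies. This is an added example, not code from the book; the function names, the tiny WORDLIST (a constructed stand-in for the dictionaries that ship with cracking software) and the 0/1 swap table are assumptions.

```python
import string

# Constructed stand-in for the word lists that ship with cracking software;
# a real check would load /usr/share/dict/words plus the themed lists.
WORDLIST = {"password", "dragon", "xanadu", "monty", "cat", "secret", "goat"}

# Undo the digit-for-letter swaps the text rules out (0 for O, 1 for L or I).
LEET = str.maketrans({"0": "o", "1": "l"})
SEPARATORS = string.digits + string.punctuation


def _forms(word):
    """A name in the forms the text rules out: as is, reversed, doubled."""
    w = word.lower()          # lowercasing also covers the capitalized form
    return {w, w[::-1], w * 2}


def _is_dictionary_word(s):
    """True if s is a list word, possibly disguised with 0/1 swaps or a
    single digit or punctuation mark tacked on the front or back."""
    s = s.lower()
    if s in WORDLIST or s.translate(LEET) in WORDLIST:
        return True
    core = s.strip(SEPARATORS)
    return bool(core) and core != s and core in WORDLIST


def password_problems(pw, login="", personal=()):
    """Return the Don'ts that pw violates; an empty list means it passes."""
    problems = []
    low = pw.lower()
    if len(pw) < 6:
        problems.append("shorter than six characters")
    if pw.isdigit() or len(set(pw)) == 1:
        problems.append("all digits or all the same character")
    # login name, spouse/child/pet names, plate numbers etc. in any form
    for item in (login, *personal):
        if item and any(f in low for f in _forms(item)):
            problems.append("contains personal information: " + item)
    if _is_dictionary_word(pw):
        problems.append("dictionary word, possibly disguised")
    return problems


def password_strengths(pw):
    """Which of the Dos pw satisfies (the book's Do examples each meet one)."""
    met = []
    if any(c in SEPARATORS for c in pw[1:-1]):
        met.append("nonalphabetic characters in the middle")
    if any(c.isupper() for c in pw) and any(c.islower() for c in pw):
        met.append("mixed-case letters")
    return met
```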

Password ideas

Although these password rules may seem extreme, you have several methods for choosing secure, easy-to-remember passwords that also obey the rules. For example:

  • Choose a line or two from a song or poem and then use the first letter of each word. For example, if you pick "In Xanadu did Kubla Khan a stately pleasure dome decree," you would have IXdKKaspdd. "Ding dong the Witch is dead" becomes DdtWid.

  • Create a password by alternating one consonant with one or two vowels, up to eight characters long. This produces nonsense words that are usually pronounceable and thus easily remembered. For example, moatdup and jountee.

  • Choose two short words and concatenate them with a punctuation character. For example: dog:rain or ray/gun or kid?goat.

To change your password

1. In the Terminal window, type passwd and press Return.

2. The shell prompts you to enter your old password (Figure 54). Enter it and press Return.

Figure 54. First, the shell prompts you for your current password.

3. The shell prompts you to enter your new password (Figure 55). Enter it and press Return.

Figure 55. Next, it prompts you to enter your new password.

4. The shell prompts you to enter your new password again (Figure 56). Enter it and press Return.

Figure 56. Finally, it prompts you to re-enter your new password.

Tips

  • When you enter your old and new password, the cursor in the Terminal window does not move. This is an added security feature; someone looking over your shoulder as you type can't even see how many characters you typed.

  • The new password you select must be at least five characters in length.

  • You can also change your password in the Accounts preferences pane. I explain how in Chapter 17.
