next up previous
Next: System-selected passwords Up: Complex passwords Previous: User Problems:

User Solutions:

As before, users may write down their passwords.

Even if the rules are followed, only the bare minimum required by the rules may be followed. For example, if the user wants a password related to the word ``squirrel" but they're required to use at least one letter, number and symbol, they might chose the password ``squirrel1!" Conveniently, the number one and the exclamation point are both on the same key, making it easier for a user to type and recall but also easier to guess.

Similarly, if the user wanted a password based on the word ``gerbil" but was required to have a password of at least 8 characters, the user will likely just add something simple onto the end such as ``gerbilll".

Numbers, symbols or extra characters are most frequently are added to the beginning and end of passwords, and although those extra characters do increase the size of a dictionary, they do not necessarily make it large enough to render it infeasible for an attacker to break in using the expanded dictionary.



Terri 2004-01-05