1991-06-16|Integrated password/PIN Security System

To Bell-Northern Research

• The UNIX Security presentation at the WGA meeting triggered my thoughts on the general BNR data security. This COCOS is meant to stimulate discussions on the password/PIN issue, which can be summarised into the following bottom-line question.

  Q. Which is better for BNR??
  option 1: multiple crackable passwords? (e.g. see list attached) option 2: single uncrackable password? (e.g. "Ya%e6q$a")

• I raised quite a stink when the APOLLO registry password aging was proposed last year. I insisted that the policy not be implemented until the system to propagate the same password to multiple LAN segments is in place. I also complained bitterly to the BNR Internet Systems when I found out recently that "bnrgate" does its own password checking and my YP password which worked okay for workstations was declared crackable by "bnrgate", resulting in a 24-hour delay for an anonymous ftp session requested by my customer.

• I totally agree with the philosophy of having people set passwords to difficult-to-guess one, as explained in the recent WGA meeting and also by the "bnrgate" administrator. However, my brain is bound by human intellectual limits, and the struggle for tradeoff between memorisability and mental health and welfare jeopardises my already stressed-out BNR worklife. I asked myself "How many passwords and PINs do I have to constantly update and remember?", and the list is simply staggering, as shown attached.

• Now, instead of making endless complaints, I would like to make a constructive suggestion and propose an integrated BNR security facility to set a single BNR password/PIN with consistent aging for anything to with the corporation. Technically, it is almost possible now by the privileged SETPW/CHPASS command to some extent, and the NIS (YP) password is a candidate for the universal BNR password/PIN. The system should run an intelligent algorithm for crackability validation in real time when the user enters the new password. Even though it may consume some CPU time, the effect is offset by the fact that it has to be done once, not 16 times in my example below. It would also encourage BNR employees to set uncrackable ones, and at the same time minimise the uncontrolled proliferation of passwords and PINs within BNR.

passwords to remember at work ::::::::::: password/PIN examples

1. Meridian voice mail ..................... 19916 (must change regularly)
2. IBM VMID SUNATORI at BNRCARL ............ SUN-6 (must change regularly)
3. IBM VMID LIBSTAT at BNRCARL ............. LIB-6 (must change regularly)
4. SUN/HP NIS yppasswd ..................... nis-6 (must change regularly)
5. BNRGATE NIS yppasswd (delayed) .......... nis-5
6. SUN root passwd ......................... wga-6724
7. TEKTRONIX passwd ........................ tek-mine
8. IBM RS/6000 passwd ...................... ibm-mine
9. DEC passwd .............................. dec-mine
10. APOLLO registry (CAR segment) ........... sun-car-6 (must change regularly)
11. APOLLO registry (CRK1 segment) .......... sun-crk-6 (must change regularly)
12. APOLLO registry (CRK2 segment) .......... sun-crk-6 (must change regularly)
13. APOLLO registry (MER segment) ........... sun-mer-6 (must change regularly)
14. APOLLO registry (KAN segment) ........... sun-kan-6 (must change regularly)
15. EDMX password for UNIX cocos/phone ...... EDMX-6 (must change regularly)
16. SETPW/CHPASS privilege (VM) ............. SET-PW (must change regularly)
17. setpw privilege (UNIX) .................. set-pw (must change regularly)
18. xlads/LaDS/Set Password ................. lads-6 (must change regularly)
19. SecurID PIN number ...................... 4897462
20. Call Forward Remote Access PIN .......... 2435117
21. DISA PIN number ......................... 8937845
22. Datapac NUI access ...................... 3815996
23. Ntelpac NUI access ...................... 53562401
24. Macintosh Empower access ................ mac-ep-6
25. Macintosh Night Watch access ............ mac-nw-6
26. Macintosh File Server access ............ mac-fs-6
27. entry to Carling File Server room ....... 4125
28. entry to CAD Plotter room ............... 3231
29. entry to opto-electronics lab ........... 235
30. EESOF Bulletin Board system ............. gss-eesof
31. PKWARE Bulletin Board system ............ gss-vitesse
32. VITESSE Bulletin Board system ........... gss-vitesse
33. VITESSE UUCP file transfer .............. uucp-vitesse
34. CirQon Kermit file transfer ............. kerm-cirqon

• subtotal number of passwords at BNR ===== 34 (13 to change regularly)

passwords to remember at home ::::::::::: password/PIN examples

1. Bank of Nova Scotia PIN ................. 1500
2. Bank of Montreal PIN .................... 9388
3. VISA card PIN ........................... 4502
4. TeleScotia confidential code ............ 11500
5. NT Investment Plan/SunLife .............. 0385
6. home security system .................... 8277
7. combination lock (back yard) ............ 6-59-11
8. combination lock (bicycle) .............. 4-3-2
9. combination lock (briefcase) ............ 929
10. NT Delegate answering machine code ...... 54
11. Bell Canada Call Answer password ........ 231410
12. National Capital Freenet password ....... gss-free
13. EPIX Bulletin Board system .............. gss-epix
14. CAN/OLE On-Line Enquiry System .......... ABE28467
15. GSC On-Line System ...................... GSC39843
16. OBS/SIOS On-Line System ................. OBS42133
17. EFILE Electronic Tax Filing ............. A48341
18. U.S. Information Service ................ GSS-6
19. Datapac/iNet 2000/Envoy 100 ............. GSS-6
20. THE NET Enhanced Fax password ........... 837455

• subtotal number of passwords at home ==== 20 ( 0 to change regularly)

total passwords to remember

• total number of passwords to maintain === 54 (13 to change regularly)

Go to home page/Aller à la page d'accueil

Go to Weblog/Aller au Weblog

English / Français

Comments/Commentaire

"Sunatori, Go Simon" <GS.Sunatori@HyperInfo.CA>

[Donation/Don, SVP]

Copyright/Droit d'auteur © 1995-2024 by/par HyperInfo Canada Inc.

• All rights reserved./Tous droits réservés.
• Produced in Canada./Produit au Canada.

ISBN 978-0-929105-04-8

• 2024-12-17T20:36:00.000Z