Catch up on stories from the past week (and beyond) at the Slashdot story archive

 


Forgot your password?
Close
typodupeerror
×

Bad Password Allowed Swedish Watergate 248

Posted by CmdrTaco from the thats-why-my-password-is-swordfish dept.
fredr1k writes "The Swedish Watergate reported earlier this week was possible because of the usage of terrible weak passwords (Swedish) and a not functional IT policy. The Swedish newspaper Göterborgs-Posten reports the source of the password was a partymember who's account was "sigge" with password "sigge" and was "stolen" in march this year. Seasoned Slashdot readers would call it "a-not-so-hard-to-crack-password". "
This discussion has been archived. No new comments can be posted.

Bad Password Allowed Swedish Watergate More

Bad Password Allowed Swedish Watergate

Comments Filter:

  • Hmmm... (Score:3, Funny)

    by BrokenHalo ( 565198 ) on Wednesday September 06, 2006 @11:23AM (#16052559)
    Seasoned Slashdot readers would call it "a-not-so-hard-to-crack-password".

    I would have thought a snotty-nosed 11-year-old would regard that password as not-so-hard-to-crack. Oh well, nothing to see here, move on please...

  • Incredible! (Score:5, Funny)

    by Guaranteed ( 998819 ) on Wednesday September 06, 2006 @11:24AM (#16052561)
    I've got the same password on my briefcase!

  • Effective PW (Score:5, Funny)

    by oahazmatt ( 868057 ) on Wednesday September 06, 2006 @11:24AM (#16052564) Journal
    Let's not forget the user who actually had a decent password.

    uid: schef
    pwd: mmborkburdyhurdymurdy

  • Many theories about leaked passwords (Score:5, Informative)

    by pipatron ( 966506 ) <pipatron@gmail.com> on Wednesday September 06, 2006 @11:26AM (#16052583) Homepage
    There are atleast three ways this password could have been found. a) My brother lives in the town where these passwords were leaked, and he said that their office use unencrypted WLAN. b) The guy who presumably leaked it is in the office right next to the guy called 'Sigge'. c) As the article thinks: The password was very easy to crack. The latest rumour is that the guy who leaked the password (the left party) had a homosexual affair with the guy who *used* the password (the right party).
    • The latest rumour is that the guy who leaked the password (the left party) had a homosexual affair with the guy who *used* the password (the right party).

      This is a joke, right? If that's true we're in for more drama (and laughs) than should even be legal.

  • Password (Score:4, Funny)

    by Frankie70 ( 803801 ) on Wednesday September 06, 2006 @11:27AM (#16052600)
    The Swedish newspaper Göterborgs-Posten reports the source of the password was a partymember who's account was "sigge" with password "sigge"

    My next password is going to be Göterborgs-Posten.
    Try cracking that.

    • Re:Password (Score:5, Funny)

      by grazzy ( 56382 ) <(ten.ews.ekauq) (ta) (yzzarg)> on Wednesday September 06, 2006 @11:39AM (#16052718) Homepage Journal
      Since they spelled Göteborg wrong, yeah, it'll be a damn good password.

    • Re: (Score:2)

      by wootest ( 694923 )
      It's nice how the submitter manages to slip up in *two* languages. The name of the newspaper is Göteborgs-Posten, Göteborg being the Swedish name for Gothenburg.

  • Honestly unsurprising (Score:5, Insightful)

    by mendaliv ( 898932 ) on Wednesday September 06, 2006 @11:27AM (#16052602)
    They're politicians, not security experts. I hear about this sort of problem all the time... in my own workplace, we talk about the people on the 3rd floor with their one-character passwords and machines that are hacked into on a daily basis.

    In the end of course, the system administrator is going to catch heat for not having a strong password policy. Even though he/she would've caught hell if there had been one implemented in the first place.
    • That's when you tell the suits that you have no control over it, "it's built into the system".

    • Re:Honestly unsurprising (Score:4, Informative)

      by hdw ( 564237 ) on Wednesday September 06, 2006 @12:05PM (#16052959)
      Well the it admin/manager _should_ catch heat for it.

      We're not talking about some small 3 person company here. We're talking a (by swedish standards) large and established political party organisation.

      If I was made responsible for running that net/service I'd ask for a security policy established by management and make sure that we followed up on it's use.

      The damage that can be inflicted on an organisation like this by one single idiot with access to that net is massive.

      If the admin is the only tech savvy enough to understand those issues then it's his or hers frikken obligation to take that issue up with management and explain what could happen.

      But should also note in this issue that gaining unathorized access to a private network is illegal, no matter how this access was achieved.

      It should be quite obvious to any of the people involved that accessing data from a rival party's internal network is a criminal offence. // hdw

    • Re:Honestly unsurprising (Score:5, Insightful)

      by hazem ( 472289 ) on Wednesday September 06, 2006 @12:07PM (#16052971) Journal
      In the end of course, the system administrator is going to catch heat for not having a strong password policy. Even though he/she would've caught hell if there had been one implemented in the first place.

      This is where the sysadmin has to figure out how to make a convincing argument that the suits will understand. If he thinks a strong password policy is important, that is.

      Suits aren't security experts, and they don't need to be. In fact, they're not necessarily experts in everything/anything. That's where the sysadmin needs to learn the same skills that everyone else uses to influence them. Make a case, with pros and cons, costs and benefits and make a proposal. It doesn't have to be extensive. I just has to have the information needed to make a decision.

      Then, let them make the decision. If they say "yes", then you have their backing when enforcing an unpopular policy - and they're already in the know when people complain. If they say "no"... well, you've covered your backside, or if you really believe it in, you need to make a more convincing case.

      It's not black magic... but so many IT folks are either unable or unwilling to talk to non-IT decision-makers in a way that gets them to make favorable decisions. It's an important skill.
      • I recommend instead of trying to make the case yourself, hire an independent firm to review the IT security and controls you are using. A CPA firm's IT consultants/auditors lend a bit more weight -- deserved or not-- than straight-up tech consultancies.

        Then, during the review, tell the auditor that you are concerned about your organization's poor use of passwords and want to see it on the final report of findings and recommendations. If you have any other security or training wants/needs that you haven't be

  • End user password selection (Score:5, Informative)

    by trazom28 ( 134909 ) on Wednesday September 06, 2006 @11:28AM (#16052603)
    This is all too common in many places. One company I worked for, about.. 1/3 to 1/2 of the users used some form of their name, and a number incrementation. I freaked out one who was *-18 asking him.. "so, you've been here a year and a half?" He had no idea how I did the math on that one.

    Eventually, we put in place a very, very restrictive password policy. No incrementing numbers, no password similar to last month's password, etc. You wouldn't believe the riots in the streets. But, we held firm, and eventually, the noise died down, and everyone finally is using more secure passwords.

    • Re: (Score:2)

      by Enoxice ( 993945 )
      That's nothing. The default password for the domain at my school is 1$[mmddyy]

      where [mmddyy] is birthday, if you didn't catch that.

    • Re:End user password selection (Score:5, Insightful)

      by Zadaz ( 950521 ) on Wednesday September 06, 2006 @11:38AM (#16052704)
      And I'm sure a vast increase on post-it notes with cryptic characters stuck on monitors and backs of keyboards.
      • One of my first places that I worked in IT, took a tour of the place. Found post-it notes with "PASSWORD: " and what it was.. on monitors.. in the Financial Audit department.

    • Re: (Score:3, Insightful)

      by baadger ( 764884 )
      I'd like to know why you can view user passwords in plaintext anyway....

      • Re: (Score:2)

        by Nimey ( 114278 )
        If it was like $ORK[-1], the supervisors would have people write down their passwords on a piece of paper that was (one hopes) locked in the supervisor's desk. It was stupid and unnecessary because everything was on Active Directory and so passwords could be easily reset if lost.

    • Re:End user password selection (Score:5, Interesting)

      by tygerstripes ( 832644 ) on Wednesday September 06, 2006 @11:54AM (#16052860)
      Can't remember where I read it (prolly /.), but there was an article that gave a very convincing argument to the effect that changing your password every month is totally without benefit. It's a common-rule-of-thumb kind of practice that has been handed down from admin to admin for years, probaby from early Unix days, and doesn't have any useful purpose anymore.

      Incremental-number passwords are an inevitable side-effect of this sort of policy and, even where password policy is more carefully implemented, the fact that average-joe users have to change it monthly anyway is a chore that WILL lead to short-cuts and, ultimately, weak passwords (or rather, associative passwords that are easy to infer after a little observation).

      Try just having a very strict policy on passwords, and scrapping the regular-change part of it. People can be imaginative and obscure once, but ask them to do it regularly and they get sloppy.

      • If a password gets written down, buried in a pile of paper, and thrown into the dumpster six months later, then regular password changing will prevent a breach. It will also cover up the real problem.

        If an employee leaves and goes crazy later, and if you didn't change all his passwords when he left, then a regular change policy will avoid one problem. Of course it's more likely that a problem employee will strike back immediately. Or will have planted back doors before leaving.

        Regular password changing adds

    • Re:End user password selection (Score:5, Insightful)

      by Score Whore ( 32328 ) on Wednesday September 06, 2006 @12:00PM (#16052917)
      I worked as a contractor for the Air Force for a while. They had a real strong policy in place on the Windows domain with the appropriate DLLs that would disallow "weak" passwords. Weak passwords being anything less than six letters; must have three of: upper case, lower case, numbers, symbols; must be substantially different than previous passwords; must not include words in it. Except that their dictionary includes two and three letter words. So you could have a password such as '1xIf%at$3' and it would be invalid since it has two two-letter words 'if' and 'at'. When deciding to implement draconian enforcement of your policies make sure your enforcement processes aren't stupid.

    • Re:End user password selection (Score:4, Interesting)

      by hswerdfe ( 569925 ) <slashdot.org@nOS ... d.swerdfeger.com> on Wednesday September 06, 2006 @12:29PM (#16053192) Homepage Journal
      ahh, yes More Secure.
      one system I log into at work requires "strong passwords"
      ie
        * has to be very diffrent from your last 10 passwords
        * has to have special chars
        * has to change your password every 2 months.

      the problem is I login to this system every 6 weeks.
      so every! time need to login I
        1. Call the IT desk
        2. Ask them to reset my password
        3. They Email me my password.
        4. I login

      When the password is reset there is no Idenification of me.
      They simply assume that access to my work email is valid enough

      By Increasing the level of security They have effectivly reduced the level of security to that of a seperate system (company email).

      BTW: company email pollicy is change every 6 months, incrimenal is allowed.

      Question:
      How many requests of Password resets do you get with your system?
      What method of Password distribution do you use?
      What method of verification do you use on reseting a password?

    • Why does IT want to wield password policy like a club?
      Are their egos so ... (nevermind)

      The obvious solution is to do some simple training for the employees.
      I've read many effective approaches on /. which can be taught in 10-15 minutes.
      This can be incorporated into new employee orientation or annual Data Privacy
      updates.
      Users are often unhappy with their interaction with corporate IT already. Why be so adversarial?

      • Re: (Score:3, Insightful)

        by Ykant ( 318168 )

        Why does IT want to wield password policy like a club?[...]The obvious solution is to do some simple training for the employees.

        And when simple training doesn't work, you just end up beating people over the head anyway. What sense would it make to teach someone corporate policy and then not enforce it?

        "Please try to keep your password complex. Yes, I know the system allows you to set it to your puppy's name every other month, but don't, mmkay?"

        Users are often unhappy with their interaction with corpor

    • A supervisor I know uses a password of, I swear, "1234". Unfortunately, he doesn't think that's a problem.
    • ... by weak, I mean easily memorizable that doesn't need to get written down on a Post-It Note affixed to the monitor :)

      The security of any authentication system is the product of many factors. A "tight" [unbypassable] system facing brute-force has two main factors: the strength of the pw and the cost of bad guesses. ATM PINs can be very weak because the cost of bad guesses is high -- eaten card.

      More along these lines should be done for computer systems so security doesn't rest on strong secrets. Incre

  • Other passwords of note. (Score:5, Funny)

    by Tackhead ( 54550 ) on Wednesday September 06, 2006 @11:28AM (#16052611)
    President Scroob: 12345
    President Nixon: iam!acrook
    President Clinton I: hopemyhusbanddoesntfindoutaboutthepassword
    President Bush I: anybodybutmysons
    President Clinton II: wishmyhusbandtoldmemonicawasbi8yearsago
    President Bush II: 12345
    President Quayle I: potatoe

    Don't blame me for that last one. My password was "colbertstewart2012".

  • Password? (Score:5, Interesting)

    by madshot ( 621087 ) on Wednesday September 06, 2006 @11:29AM (#16052619) Homepage Journal
    Here is the real question.. Is it a USER problem or an ADMINISTRATOR problem. Sounds like they need to hire a new IT director with a since of security. If that IT director allows passwords like that he probably also is running a firewall hosted in a Windows XP Pro machine and ICS and no service packs or hot fixes. All of the internal IP addresses are 192.168.x.x because of ICS so I'm sure the server is .1. Heck, the director might have even turned on Remote Desktop Administration on the box so he could manage it from home without a VPN and the administrator accounts password on that box is either blank, password, or god. Well, best of luck to their director or whomever is in charge of their computer network.

  • Seriously (Score:5, Informative)

    by Psionicist ( 561330 ) on Wednesday September 06, 2006 @11:31AM (#16052627)
    This is non-news. What happened was a member of the Social Democrats youth section _gave_ a username and password to a former member in the Liberal Party (which are not liberal at all BTW) youth section, around 2005! Of course, as the Social Democrats are about to lose the election (september 17th) they use this "news" to spread some primitive form of political FUD about the opposition.

    • Re: (Score:3, Informative)

      by hdw ( 564237 )
      Well, first off all.
      The story that he was given the password has gone a bit dry now, since it's more than one password that has been used and the alleged giver denies the fact and has sued him for defamation.

      But lets assume that that peice of story is true.

      Then handing the information over to other members of his new party isn't very smart.
      And using this information to access a rival party's internal network to download internal information several times over 9 months, and passing this information on to sen
      • Actually presenting it just 14 days before the election would be just enough time to change the peoples votes in the election to secure the election.

        Its perfectly timed!

        • Re: (Score:2)

          by hdw ( 564237 )
          Well I'd say a month would have been better.

          And timing or no timing doesn't change the fact that the crime has been commited over several months, nor does it change that several senior people within the party knew about it for several months but failed to act.

          Nor does it change the fact that the party leader knew about it from sunday evening, yet spent two days of public interviews stating that he didn't. // hdw
    • FUD or not, they stupidly walked straight into the trap and now they're sitting with all these IP logs as solid evidence where it's much harder to prove the Social Democrats actually gave any password or not.
  • Run crack weekly on your password repository. Lock any accounts cracked. Create a web page where people can generate strong passwords, don't expect them to think them up. Have single sign on/login to reduce the numbers of passwords to remember.

     
  • From TFA:
    Själv tycker han inte att han handskats ovarsamt med sina inloggningsuppgifter.

    Translation:
    He don't think he's been careless with his login info.

    Hasn't anyone explained to him yet how stupid and careless this was?

  • Keyboard Patterning - at least it makes them think (Score:5, Interesting)

    by w33t ( 978574 ) on Wednesday September 06, 2006 @11:36AM (#16052679) Homepage
    You know, in my department we've found that a great way to introduce users to more complicated passwords is to introduce them as keyboard pattern passwords.

    Of course we have complexity requirements, but it's amazing how a user can find a way to simplify a complexity requirement. Think a user unknowledgeable, but never think a user unclever - I always say...well, actually that's the first time I've said that...back to my point.

    While these patterned passwords may not be as hard to crack as truly random passwords, they are at least non-semantic.

    for example 1al02sk93dj8 - I imagine this password is probably pretty common, but if it were scrawled on a stickynote on someones monitor it would discourage causual account browsing by a coworker.

    Does anyone know if brute-force methods take into account keyboard patterning?

    by the way 1al02sk93dj8 is not my accounts password - so don't even think about trying it! ;)
    • I wonder how common it is for a user to have something like "1al02sk93dj8" written on a postit on their monitor, when in fact all they have to remember about their password is that the 'sk' in the middle is really a 'RD' making their real password "1a102RD93dj8"

      This would (I imagine) wind up being significantly more secure to outside attacks (those who can't see the postit) while still being moderately secure to inside attacks (joe shmo trying to login on his console)....

      thoughts?
    • dictionary attack.
      I remember readily available dictionaries containing only what you expect to see in an off the self dictionary 15-20 years ago then slowly they added star trek references then all sifi/film/book references.
      The dictionaries are being updated with actual passwords, so coming across you example and deviations is not as low as you think.
      Failing that brute forcing 8 characters is getting easier as CPU time becomes cheaper.

      • Re: (Score:3, Insightful)

        by Chazmyrr ( 145612 )
        The fact that you can brute force an account at all is not an indicator that strong passwords are needed. It is an indication that you need to disable an account after a number of unsuccessful attempts. The determining factor for how strong the password needs to be is whether the account is disabled for a few minutes or requires an administrator to unlock it.

        If the account requires an adminstrator to unlock it after three failed attempts, nothing is gained from requiring a strong password. Any password that

        • I think you hit the nail on this one. I wish I'd have mod points right know. There is way too much effort going on trying to get people to use obscure passwords. The simple fact is that limiting the number of possible login tries would basically render any bruteforce attacks unusable, which is why we have to have complex passwords in the first place. If you see more than ten attempts, you can be pretty sure it is a bruteforce attack. It could be the user him/herself trying to remember the password or it co

  • password tips (Score:5, Funny)

    by digitalderbs ( 718388 ) on Wednesday September 06, 2006 @11:37AM (#16052680)
    This is a good opportunity to outline a few tips for strong passwords. For example, I use my username twice and the number of states as my password.
  • The password could've been "password" (which used to be the default email password for one company). Back in the days of Windows NT, "hockey" was a popular password at several different companies (not sure why). Of course, "yousuck" was also a common password for a lot of Windows 95 systems at another company.

    • Re: (Score:2, Funny)

      by ArsenneLupin ( 766289 )
      Of course, "yousuck" was also a common password for a lot of Windows 95 systems at another company.

      Wouldn't that have been more appropriate for Windows Me systems...

  • Swedish passwords (Score:5, Funny)

    by MadFarmAnimalz ( 460972 ) on Wednesday September 06, 2006 @11:43AM (#16052750) Homepage
    Yes, Swedish passwords are weak. We Danes have known this for many years; it is inevitable given that the average number of syllables per word in Swedish is 1.22 (scientific studies have shown it!).

    "sigge", a duosyllabic password, is an indication that the user was a member of the upper strata of Swedish society, with Abba and Ace of Base.

    (NB: I can handle pissed off Swedes, but not moderators lacking the humor gene)

    • Re: (Score:2)

      by hdw ( 564237 )
      Sigge is a nickname, and almost all nicknames tend to be duosyllabic, at least in swedish or english, can't comment on danish since I can't understand it (unless written :)).

      Most likely since it sounds snappier.
      Compare "Microsoft sucks" and "MS (emmess) sucks". // hdw

  • Not only bad password. (Score:4, Informative)

    by Lussarn ( 105276 ) on Wednesday September 06, 2006 @11:44AM (#16052758)
    From what I understand (having trouble understanding the laymensterms of daily tabloids) it was also a completely open wifi network.

    • Re: (Score:2)

      by hdw ( 564237 )
      Well yes and no.

      There is (at least) two different issues at hand.

      One is that local party office in Umppa Lumppa somehere had, at least for a while, an open Wlan network.
      I'm not surprised, once after scanning our office for illegal Wlan gates I shoved my laptop with dstumbler running in my backpack and biked home thru Stockholm.
      When I got home I had a list of 40+ wide open nets, several for large comapanies and public organisations (identifed by tags).

      The other is that a number of unathorized indivuals gaine

  • newspaper name (Score:2, Informative)

    by freddej ( 122902 )
    Just to be "picky", Göterborgs-Posten should read Göteborgsposten" after the Swedish town Göteborg.
  • A good solid password will have at least 7 alpha-numeric characters and at least 1 non alpha-numeric. For example don2006 is a shitty password. However don2006$ is not. The problem you will encounter is a basic user needs to be able to remember this password and will typically use it in more places than they should. This is impossible to manage so the best solution is to find hard to crack requirements that are easy to remember. don2006$ is a reasonable password for a normal user. More advanced users who
    • Just wondering; do you have any idea how much requiring at least one digit and one non-alphanumeric character reduces the search space? The Germans had a similar policy for their Enigma codes; look how well that worked out for them.

  • A little joke (Score:5, Funny)

    by SlashGet ( 985115 ) on Wednesday September 06, 2006 @11:53AM (#16052857) Homepage
    - What's the opposite to firewall? - Watergate

  • choosing good passwords (Score:4, Funny)

    by rice_burners_suck ( 243660 ) on Wednesday September 06, 2006 @12:08PM (#16052986)
    mine is 12345. Nobody would ever guess that one. It's a password only an idiot would put on his luggage.

  • All Your Swedes (Score:5, Funny)

    by Kamiza Ikioi ( 893310 ) on Wednesday September 06, 2006 @12:25PM (#16053159)
    Captain: Take off every 'sigge' !!
    Captain: You know what you doing.
    Captain: Move 'sigge'.
    Captain: For great justice.


    Seasoned Slashdot readers would call it "a-not-so-hard-to-crack-password"


    Seasoned Slashdot readers probably use zig:zig on BugMeNot and other "social" logins. I guess it just translates different in Sweden, kinda cute even... mental images [savethechildren.org.uk] of the Swedish Chef singing AYB.
    • Why oh why oh why does Save The Children have a picture of the Swedish Chef on their webspace? Does he go around clearing minefields as charity work or something?
  • We might soon see a law stating that it ain't hacking if the security is too weak to be considered security. Ahhh, the good ol' days shall return!
    • Erh, unathorized access has never been legal.

      An unlocked or even missing door doesn't save you from that.

      A web page with "Click here for access to internal informantion (don't click if you're not authorized)." is enough to bring criminal charges for unathorized access.

      There are other things that are more questionable.

      If I'm handed a link that bypasses security (and the message) then it can be hard to state that I've commited anything illegal, ie someone has to prove that I knew that I wasn't athorized.

      But b
      • Actually it is.

        You don't secure your WiFi network and someone uses it. No hacking, because it is quite possible that you deliberately keep it open. You allow anonymous FTP access to your server. Not illegal to use it, same reason.

        Might be different in less free countries, but here, that's the law. Unless it does require you to bypass some kind of security mechanism (though the law does not specify just what actually IS a security mechanism. Is user: "anonymous" pass:(yourmailaddress) already a security mech

        • Re: (Score:2)

          by hdw ( 564237 )
          Ah true.

          Connecting to a beaconing, unprotected Wlan and use it to surf the net make it very hard to prove that it was unauthorized access.

          I have that prob with one of me sons computers, it prefers to connect to the unprotected gateway in the apartment below instead of the one he should, which is painful when they want to play LAN games.

          But using such a connection to scan the internal network for login and passwords is illegal.

          It's hard to say that you just happened to park your car outside an opposing party
  • If you believe the people on battle.net (especially Diablo 2), they get "hacked" by other users.

    However, after talking a bit with them, you find out that:
    1. they gave away their password for some unknown reason (and the "hacker" simply logged in and changed their password)
    2. they installed maphack or some other shit (which can also include some other things, i.e. a keylogger)
    3. they used a weak password (such as, oh, I dunno.... "password" <g>)

    This, my friend, can give a bad name to ANY operating syst

  • Bait (Score:4, Interesting)

    by miffo.swe ( 547642 ) <daniel@hedblom.gmail@com> on Wednesday September 06, 2006 @12:38PM (#16053262) Homepage Journal
    Many of us swedes thinks this was a planned event where the login was "leaked" to the opposition by purpouse. The swedish social democrats would probably stop at nothing to keep in power. The person who did the breakin (Per Jodenius) was a former Social Democrat. This person is from the same town (Växjö) and local Social Democrat Youth member in the same circuit as the journalist ( Fredrik Sjöshult )who blowed the whistle. The fact that this happened just hours after the leading party (from the polls) had his turn in the national TV is to much for it to be a coincidense.

    Ugly indee and not very democratic.

    Its like, if you hassled a country for not being democratic and then imposed sanctions on them for choosing the wrong people in the votings....oh, wait..

  • *sigh*, of course. (Score:3, Insightful)

    by SocialEngineer ( 673690 ) <invertedpanda@@@gmail...com> on Wednesday September 06, 2006 @12:47PM (#16053357) Homepage

    I've been put under some pretty inane password policies in my (limited) years on this planet. Names in reverse, 1337-variations on password, numerical addendums to dictionary words, just plain dictonary words ("nochance" was popular at one place I frequented).. Oh, and I heard from a friend who worked at Radioshack that most of the important passwords were something very, very, VERY easy. I'll leave you to figure it out.

    You know what I have been recommending recently as a password policy? Fake inventory ID tags. Put a fake inventory ID tag on each device (keyboard, mouse, monitor, tower), with a portion of the ID on one of the items at each station being the actual password. Set a login attempt limiter, which will discourage trial and error. Not only do you need physical access, you need to know the general policy to discover the password from the "inventory tags". Heck, it could just be 8 letters out of a 24-character alphanumeric. Too bad it got shot down for something "simpler" the last place I suggested it to.. ugh.

  • Neither English nor Swedish is my mother tongue.

    Everything began in Skövde [Swedish city]

    In the eye of the storm is social democrat Stig-Olof Friberg. His password was the key to the FP-scandal: [FP = Folkpartiet, the "cracker party"]

    "I'm enraged. Tough election tactics are ok, but they must be fair".

    "In what school can you learn computer hacking that you're so good at?" - the question's asked by a longhaired boy in the class at Rudebeck school in Tidaholm, where the youth movements hold
    • "Worst of it all is that this increases disenchantment with politicians. It's an attack on democracy".

      The evening sun throws long shadows over the pink facade of the FP in the center of Skövde. It's half past five, and the atmosphere in the office is lättsam[??], despite the circumstances. A quickly called meeting with the [local?] workgroup is just about to begin as Göteborg-Posten [article is in this paper] tells the news that Niki Westerberg has been charged[?] with a crime.

      Christer
  • Seasoned Slashdot readers would call it "a-not-so-hard-to-crack-password"

    Is that the technical term?

  • From Glorious [eddieizzard.com]...

    "Oh. Password protected. Billion possible chances."

    "Er..."

    "Jeff."

    "Hey!"

    "How did you know it would be Jeff?"

    "I knew there'd be a back door."

    In films, the guy who made the software has always left a back door,

    so he could get back in when he wanted and look at all the missiles and go, "Ooh".

    And put one on his head.

    "And the guy who made the software was called Jeff Jeffety Jeff, born on the first of Jeff, Nineteen-Jeffety-Jeff."

    "So I put in Jeff and hey."

  • It may not be obvious to non-Swedes, so FYI "sigge" is a common nickname for Sixten -- his forename.

  • It is a SOOOO not-so-hard-to-crack-password that . (Score:3, Funny)

    by unity100 ( 970058 ) on Wednesday September 06, 2006 @03:23PM (#16054550) Homepage Journal
    ... i wouldnt even attempt to crack it ...

    But then again, that would make it a password that is not so not-so-hard-to-crack-password ...

Slashdot Top Deals

"If it ain't broke, don't fix it." - Bert Lantz

Close