Password FAQ
Questions List
- How does Sonic determine if my password is insecure?
- How can I generate safe passwords?
- How many possible passwords are there?
- How do I change my password on Sonic?
Answers List
-
How does Sonic determine if my password is insecure?
In order to maintain security, Sonic tests our password database on a regular basis. The password database is encrypted, so there's no way for us to look at a password. The idea is to attack the passwords by using a guessing approach.
A sequence of words, names, patterns and modifications is encrypted, then compared to the encrypted password database. If a match is found, that user's password can be guessed and is not secure.
-
How can I generate safe passwords?
Q.16 From the Usenet Security FAQ:
The only way to get a reasonable amount of variety in your passwords (I'm afraid) is to make them up. Work out some flexible method of your own which is NOT based upon:
- modifying any part of your name or name+initials
- modifying a dictionary word
- acronyms
- any systematic, well-adhered-to algorithm whatsoever
For instance, NEVER use passwords like:
- alec7 - it's based on the user's name (& it's too short anyway)
- tteffum - based on the user's name again
- gillian - girlfriend's name (in a dictionary)
- naillig - ditto, backwards
- PORSCHE911 - it's in a dictionary
- 12345678 - it's in a dictionary (& people can watch you type it easily)
- qwertyui - ...ditto...
- abcxyz - ...ditto...
- 0ooooooo - ...ditto...
- Computer - just because it's capitalized doesn't make it safe
- wombat6 - ditto for appending some random character
- 6wombat - ditto for prepending some random character
- merde3 - even for French words...
- mr.spock - it's in a sci-fi dictionary
- zeolite - it's in a geological dictionary
- ze0lite - corrupted version of a word in a geological dictionary
- ze0l1te - ...ditto...
- Z30L1T3 - ...ditto...
I hope that these examples emphasise that ANY password derived from ANY dictionary word (or personal information), modified in ANY way, constitutes a potentially guessable password.
-
How many possible passwords are there?
Q.18 From the Usenet Security FAQ:
Most people ask this at one time or another, worried that programs will eventually grow in power until they can do a completely exhaustive search of all possible passwords, to break into a specific user's account - usually root.
If (to simplify the math) we make the assumptions that:
- Valid passwords are created from a set of 62 chars [A-Za-z0-9]
- Valid passwords are to be between 5 and 8 chars long
Then the size of the set of all valid passwords is: (in base 62)
100000+
1000000+
10000000+
100000000=
---------
111100000(base 62)
A figure which is far too large to usefully undertake an exhaustive search with current technologies. Don't forget, however, that passwords CAN be made up with even more characters than this; you can use "space", all the punctuation characters, and symbols (~|\#$%^&*) too. If you can use some of all the 95 non-control characters in passwords, this increases the search space for a cracker to cover even further.
-
How do I change my password on Sonic?
There are two ways to change your password:
- You can login to your shell account. At the prompt, type:
passwd
The system will then ask you to enter a password and verify the new password.
- Go to the Member Tools Area and click on the password changing tool link, then follow the directions there.
Now change your password in any software that has your password stored in it. Note that your password is case sensitive; make sure you know what case you use on each letter. The system may take up to an hour to propagate your password to all the systems.
We cannot look up passwords, so if you can't remember it, you will have to call us at 547-3400 during Technical support hours and one of our technicians will change it for you.



