https://community.hpe.com/t5/operating-system-openvms/increasing-complexity-of-login-passwords/m-p/5184724#M30510 Using openvms 7.3-2 on an alpha server.<BR /><BR />We want to require more complex passwords than what we have currently setup, but don't want to use genpwd -- i.e. something that would forbid "easy to guess passwords" such as "112233" or "asdf12" (which appear to be O.K. as far as the pwddic is concerned).<BR /><BR />Any pointers/links will be appreciated.<BR /><BR />Thanks Wed, 01 Jul 2009 08:15:19 GMT sandyt 2009-07-01T08:15:19Z https://community.hpe.com/t5/operating-system-openvms/increasing-complexity-of-login-passwords/m-p/5184724#M30510 Using openvms 7.3-2 on an alpha server.<BR /><BR />We want to require more complex passwords than what we have currently setup, but don't want to use genpwd -- i.e. something that would forbid "easy to guess passwords" such as "112233" or "asdf12" (which appear to be O.K. as far as the pwddic is concerned).<BR /><BR />Any pointers/links will be appreciated.<BR /><BR />Thanks Wed, 01 Jul 2009 08:15:19 GMT https://community.hpe.com/t5/operating-system-openvms/increasing-complexity-of-login-passwords/m-p/5184724#M30510 sandyt 2009-07-01T08:15:19Z https://community.hpe.com/t5/operating-system-openvms/increasing-complexity-of-login-passwords/m-p/5184725#M30511 Sandyt,<BR /><BR />you can set up your own password policy checker.<BR /><BR />See the excellent write up and links from Steve Hoffman at<BR /><BR /><A href="http://labs.hoffmanlabs.com/node/643" target="_blank">http://labs.hoffmanlabs.com/node/643</A><BR /><BR />Duncan Wed, 01 Jul 2009 08:40:41 GMT https://community.hpe.com/t5/operating-system-openvms/increasing-complexity-of-login-passwords/m-p/5184725#M30511 Duncan Morris 2009-07-01T08:40:41Z https://community.hpe.com/t5/operating-system-openvms/increasing-complexity-of-login-passwords/m-p/5184726#M30512 As Duncan wrote, You can add your own password policy module.<BR />Or simpler you can add your easy to guess passwords to the password dictionary.<BR />And I question why "asdf12" is easier to guess than any other 6 character password. As a first action I would require at least 8 character passwords. Wed, 01 Jul 2009 09:02:49 GMT https://community.hpe.com/t5/operating-system-openvms/increasing-complexity-of-login-passwords/m-p/5184726#M30512 Joseph Huber_1 2009-07-01T09:02:49Z https://community.hpe.com/t5/operating-system-openvms/increasing-complexity-of-login-passwords/m-p/5184727#M30513 Thanks for the quick response.<BR /><BR />You are correct that increasing password length would help, but at the moment I can only "tweak" existing policy.<BR /><BR />I will try the macro32 password policy.<BR /><BR />As a stop-gap, are there maybe any "improved" password dictionary additions that are available to download?<BR /><BR />Thanks Thu, 02 Jul 2009 03:02:08 GMT https://community.hpe.com/t5/operating-system-openvms/increasing-complexity-of-login-passwords/m-p/5184727#M30513 sandyt 2009-07-02T03:02:08Z https://community.hpe.com/t5/operating-system-openvms/increasing-complexity-of-login-passwords/m-p/5184728#M30514 Maybe a search for "password dictionary file" will find some.<BR />Also password security checker programs like JohnTheRipper contain dictionary files, especially those frequently used by cracker programs.<BR />( <A href="http://www.openwall.com/john/" target="_blank">http://www.openwall.com/john/</A> )<BR /><BR />To add dictionaries to the VMS dictionay file, see the following files at<BR /> <A href="http://wwwvms.mppmu.mpg.de/vms$common/sysmgr/" target="_blank">http://wwwvms.mppmu.mpg.de/vms$common/sysmgr/</A><BR /><BR />ADD_PASSWORD_DICTIONARY.COM <BR />convert_list_to_password_dictionary.com <BR />merge_password_dictionary.com <BR /><BR />The convert_list... procedure converts a text-file with one password per line into a VMS formatted (ISAM) file, which then can be merged into a VMS dictionary file. Thu, 02 Jul 2009 07:30:10 GMT https://community.hpe.com/t5/operating-system-openvms/increasing-complexity-of-login-passwords/m-p/5184728#M30514 Joseph Huber_1 2009-07-02T07:30:10Z https://community.hpe.com/t5/operating-system-openvms/increasing-complexity-of-login-passwords/m-p/5184729#M30515 Follow the Passwords taxonomy around the site for more than you probably care on this topic:<BR /><BR /><A href="http://labs.hoffmanlabs.com/taxonomy/term/112" target="_blank">http://labs.hoffmanlabs.com/taxonomy/term/112</A><BR /><BR />Articles include John The Ripper and other brute-force attacks, dictionary updates, generated passwords, no-password logins, certificates, Kerberos and single-signon, the aforementioned password filter, etc. Thu, 02 Jul 2009 12:33:22 GMT https://community.hpe.com/t5/operating-system-openvms/increasing-complexity-of-login-passwords/m-p/5184729#M30515 Hoff 2009-07-02T12:33:22Z