HP OpenVMS Systems

ask the wizard
Content starts here

Password policy, security?

» close window

The Question is:

If I try to set my password to be equal to my username, the system complains,
 indicating that the password is in the dictionary.
If I try to set my password to be equal to my username followed by my first
 initial, the system complains, indicating that the password is weak.
Three questions:
1. Where is this behaviour documented? For a site security review I would like
 to document the rules that VMS is implicitly enforcing. [BLISS or other
 language source would be accepted if that is the only existing documentation.]
2. How does this behaviour interact with a site-specific password filter
If I put in a filter would it replace the above implicit behaviour? Or would a
 potential password have to pass both the implicit checks made by VMS and the
 explicit checks in my filter? Or some more complicated interaction?
3. In the first scenario (username equal to password), I assume that this is
 just someone being tricky with a status. Is this correct?
That is, my username is not an English dictionary word that I am aware of.
 Returning the same message/status ("weak") in the two scenarios might have
 been clearer.

The Answer is :

  For access to the source listings, please see the order numbers
  in the OpenVMS FAQ.
  Details in this particularly area are subject to change without
  notice, and detection of weak passwords is an obvious area
  of potential improvement -- the OpenVMS Wizard would prefer
  to see users learn how to pick better passwords, rather than
  to learn how to pick just-slightly-better-than-bad passwords.
  And the OpeNVMS Wizard cannot rule out enhancements within
  the password filtering mechanisms.
  If you wish to allow users to pick arbitrarily bad passwords,
  on the other hand, please disable the history mechanism and
  the dictionary, or -- simpler, similarly effective, and far
  more obvious -- set the user's password string to null.
  The site-specific password policy module will supplement the
  basic the OpenVMS password filter.
  Password- and authentication-related topics include (4612),
  (1461), (1475), (1645), (2938), (3233), (3883), and (5508).
  Also (9034).  There are other topics, as well.

answer written or last revised on ( 24-NOV-2003 )

» close window