On passwords, securtiy and real -sweat, blook and tears- life

[A.J. Bonnema]

Hi all,

A common problem with passwords are their guessabilty (yes, as a 
non-native English speaker, I too make up words.....). For instance, 
even though I have taught my daughter to not use dictionary words, names 
etc, her password for one of the online accounts got hijacked. What 
happened was, she used: _____ (five underscores) as a password: arghghgh.

But it did make me think again about the security of my home network. 
Unfortunately most passwords are dictionary words, that are easy to 
guess using f.i. the john password guesser program, combined with 
numbers and if you are lucky a special charactor or two.

What I wonder about is the following:

* given that all ports are closed to external contact through a physical 
allbeit consumer oriented firewall, just means I am safe for 
port-scanners. But does it mean that I am safe from cracker systems / 
programs? Is there a way to break in, without allowing external contact 
through one of the ports? (not including trojans and the like).

* A second issue is: suppose I would force my family to use really 
random passwords (like characters picked from a one-time pad). And now 
suppose I lose my root-password: would I be able to rectify this, 
without destroying the data?

Guus.
-- 
A.J. Bonnema, Leiden The Netherlands,
user #328198 (Linux Counter http://counter.li.org)