• RML51 (11/14/2008)


    No knock on the script, but I question the value of truly random passwords.

    I think I have a pretty good memory. I have my credit card number memorized (okay - maybe that's a bad thing :hehe:). For passwords I think there should be some sensible pattern.

    I tend to build passwords (at least 9 char) using the user's initials mixed-up, or a misspelling of their name with odd capitalization. I usually include part of their phone number, and/or birth date, and I always include a special character or two. The point is that it's something that forms a memorable pattern to the user. I think I can do this and still maintain a high level of security.

    The perfect use, at least for us, is for any SQL instance we install. All SA accounts need a different password, otherwise if only a few or one were used, one compromised server would quickly become many. We store these passwords in another location, a secured flat file with password, and anytime we need to access that server we look it up.

    Gaby
    ________________________________________________________________
    "In theory, theory and practice are the same. In practice, they are not." - Albert Einstein