MANY years ago, before we migrated to RACF on MVS, we used a security package on VSE that was a little "weak". We could actually see the users password. One morning a programmer, Mike Austin, walked into my office and stated that he had forgotten his password while on a one day vacation. I had him step out of my office since he would be able to see other folks passwords when I looked for his. I opened the dataset and found his password. It was....... A I assume he set it that way so he would not forget it. Fortunately we went to MVS and RACF shortly after that.
> Date: Wed, 23 Jan 2013 10:57:04 +0100 > From: [email protected] > Subject: Re: Password (was: slightly O/T but interesting) > To: [email protected] > > > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Thomas Berg > Sent: Wednesday, January 23, 2013 10:46 > To: [email protected] > Subject: SV: Password (was: slightly O/T but interesting) > > > -----Ursprungligt meddelande----- > > Från: IBM Mainframe Discussion List [mailto:[email protected]] > > För Paul Gilmartin > > Skickat: den 22 januari 2013 15:13 > > Till: [email protected] > > Ämne: Password (was: slightly O/T but interesting) > > > > On Tue, 22 Jan 2013 07:57:43 -0600, Elardus Engelbrecht wrote: > > > > > >Some of my users, before we enforced better (?) password rules and > > >regulations, some of my bored users were using one character/number > > >password. Nothing can beat that super extra-fast entry, but see below. > > >;-D > > > > > >(With ids only in SYS1.UADS where you define TSO ids without a > > >password, only ENTER (key, not the word, dummy) is needed. No > > >password > > >- Mach speed entry. :-D ) > > > > > TSO used to accept "userid/password<ENTER>" I knew someone who used > > "/" as his password. (He didn't conceal it.) So: > > > > userid//<ENTER> > > > > ... one transaction; minimum hand movement. > > > > When I begun using TSO the password dataset was unprotected, I could both > read it and - I think - change the content... :) Those were the days... :) > > > > > Regards > Thomas Berg > > To overcome that, we already had an encryption algorithm in a TSO exit: shift > the password 1 bit to the left before storing it. > > Kees. > > ******************************************************** > For information, services and offers, please visit our web site: > http://www.klm.com. This e-mail and any attachment may contain confidential > and privileged material intended for the addressee only. If you are not the > addressee, you are notified that no part of the e-mail or any attachment may > be disclosed, copied or distributed, and that any other action related to > this e-mail or attachment is strictly prohibited, and may be unlawful. If you > have received this e-mail by error, please notify the sender immediately by > return e-mail, and delete this message. > > Koninklijke Luchtvaart Maatschappij NV (KLM), its subsidiaries and/or its > employees shall not be liable for the incorrect or incomplete transmission of > this e-mail or any attachments, nor responsible for any delay in receipt. > Koninklijke Luchtvaart Maatschappij N.V. (also known as KLM Royal Dutch > Airlines) is registered in Amstelveen, The Netherlands, with registered > number 33014286 > ******************************************************** > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
