Re: Consumer Security Web Site
nom.de.guerre_at_bonbon.net
Date: 06/29/04
- Previous message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "Re: Consumer Security Web Site"
- Maybe in reply to: David Harper: "Consumer Security Web Site"
- Next in thread: Sullivan Tim P: "RE: Consumer Security Web Site"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 29 Jun 2004 19:34:26 -0000
To: focus-ms@securityfocus.com
In-Reply-To: <20040628212518.JPST9422.mta06-svc.ntlworld.com@mail.leafgrove.com>
Agreed.
We recently evaluated a product which had a password retrieval scheme where the 'secret answer' was your pet's name, but it had to be 8 characters or more. An associate and I looked at each other and mouthed "Complex Pet Names" simultaneously.
If the data is so sensitive that an appropriate password cannot be memorized, IMO, you should start adding authentication factors...tokens, call back mechanisms, or other restrictions.
>There are lots of myths out there on what qualifies as a good password and
>while all us techies would love our users to pick something really complex
>(read "nasty") the fact remains that they would rather pick the name of
>their dog or football team. So, a few tips on choosing something easy to
>remember and hard to crack, and obfuscating their dog's name might be nice :)