Re: Linking Password Length to Write-down probability
Doug.Janelle_at_Thermo.com
Date: 05/27/05
- Previous message: Diego Kellner: "Re: Leaving a door open?"
- Maybe in reply to: Stian Øvrevåge: "Linking Password Length to Write-down probability"
- Next in thread: Mark Burnett: "Re: Linking Password Length to Write-down probability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: security-basics@securityfocus.com Date: Fri, 27 May 2005 12:34:12 -0400
In the real world, we have to acept that, not matter how
easy we try to make it for them to remember passwords,
users *will* write them down. In these cases, I encourage
them to at least obfuscate things a bit...don't make it obvious
what they mean. (IOW: for G**'s sake don't write
"ID=myname, PW=Free4All".)
ID's are usually easy(er) to remember, so just write the
password w/o the "PW=". Throw in an extraneous character
or two...leave one or two characters out...transpose several
characters...anything to make the written data useless to
anyone who might come across it.
dcj2
>He claims that prohibiting users from writing down their
>passwords is bad for security. His main point is that if users are
>prohibited from writing down their passwords, they will use the same
>easy to guess password everywhere.
- Previous message: Diego Kellner: "Re: Leaving a door open?"
- Maybe in reply to: Stian Øvrevåge: "Linking Password Length to Write-down probability"
- Next in thread: Mark Burnett: "Re: Linking Password Length to Write-down probability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
