Re: Passwords for bank sites - change or not?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Jim Watt <jimwatt@xxxxxxxxxx> wrote:

> On 18 May 2006 20:45:18 -0000, Sheik Yurbhuti <anon@xxxxxxxxxxxxxxx>
> wrote:
>
>> If you personally are installing your PM software on every machine
>> you're using Jim, I submit you've breached yet another tenet of basic
>> security. And that if you're not routinely rotating your passwords
>> your methodology is severely flawed.
>
> Perhaps you need to read what was said more carefully.

Perhaps *you* need to quit obfuscating. Like this...

> Good security does not depend on a simple password, and the
> actual electronic banking systems I use implement other measures.

Good for them. It still doesn't change the fact that others use
passwords, nor does it do anything to dispute the fact that routine
changing of passwords is simply good security policy. It doesn't even
address your *own* situation because you claim you do have around a
hundred passwords you have to keep track of. Banking or what not is
irrelevant.

> What I do object to is systems which insist on changing passwords
> where access is not particularly critical and as I do rely on
> remembering passwords and have a lot of them which are unique
> to the system changes are tedious.

We know you object to it. The point is you're objecting to doing
something the right way because you believe it's too much bother. Not
only is your opinion irrelevant to what others feel comfortable with, it
addresses *none* of the OP's questions regarding which method is
considered more secure or why someone might force a given policy.

> All security is a compromise between making things difficult but
> still allowing them to be usable. Electronic banking is targeted
> at the masses, not known for their caution.

Agreed. But *good* security is a compromise that offers the most
protection without undue inconvenience. This makes regular changes
preferable to unchanging passwords in about 99% of all cases. And
that's regardless of whether you can remember them, or have to securely
store and recall them somehow.

I find it interesting that you've twice now conveniently neglected to
tell us what method you use to "remember" the hundred or so passwords
you claim to "remember" Jim. Why is that?

If I were a betting man I'd wager you either have them stored in some
encrypted file, or write them down in a proverbial "little black book".
The security implications of the latter aside, either of these methods
means you'd have no trouble whatsoever managing 6 month periodical
changes. None.

> It's certainly about time a standard PC came with a smartcard
> reader to add another layer of authentication. However simple
> passwords are not enough for anything sensitive.

More obfuscation. Passwords are popular right now, today, and
they're what's being discussed right here, right now.

I warned you you wouldn't get very far with the tack you took Jim.
Zig-zagging back and forth across it doesn't seem to be working out
either.

The OP asked about three financial sites that required passwords, and
whether or not the one that mandated changes was compensating for
something. The only logical and obvious answer is that the one
mandating regular changes is doing a *better* job of safeguarding your
private information than the other two. At least as far as password
management and access goes anyway.
-----BEGIN PGP SIGNATURE-----

iD8DBQFEbhAzno5iexlRIBERA+6uAKDasZzoU2ahaF/yXooxi/03pxoYAgCfSKmd
f7GCGlzxgIf75uzCup9yYKw=
=Pphr
-----END PGP SIGNATURE-----
