Re: Unchangeable passwords

From: Tim Smith (reply_in_group_at_mouse-potato.com)
Date: 10/05/03

  • Next message: Tim Smith: "Re: Unchangeable passwords"
    Date: Sun, 05 Oct 2003 07:37:20 GMT
    
    

    In article <4cdea80b.0310031014.47322f6@posting.google.com>, Philip Juels
    wrote:
    > Anyone have advice on the efficacy of assiging users randomly generated
    > passwords and then preventing them from changing their password.

    Well, on the one hand, it means no one can pick a stupid a password, and so
    if anyone tries a dictionary attack on you, you will be pretty safe.

    On the other hand, it means your user's passwords are going to be written
    down on pieces of paper stuck to the monitors, meaning that anyone who can
    socially engineer their way into your facility will have an easy time.

    -- 
    Evidence Eliminator is worthless.  See evidence-eliminator-sucks.com
    --Tim Smith
    

  • Next message: Tim Smith: "Re: Unchangeable passwords"