Re: Unchangeable passwords
From: Tim Smith (reply_in_group_at_mouse-potato.com)
Date: Sun, 05 Oct 2003 07:37:20 GMT
In article <email@example.com>, Philip Juels
> Anyone have advice on the efficacy of assiging users randomly generated
> passwords and then preventing them from changing their password.
Well, on the one hand, it means no one can pick a stupid a password, and so
if anyone tries a dictionary attack on you, you will be pretty safe.
On the other hand, it means your user's passwords are going to be written
down on pieces of paper stuck to the monitors, meaning that anyone who can
socially engineer their way into your facility will have an easy time.
-- Evidence Eliminator is worthless. See evidence-eliminator-sucks.com --Tim Smith