Re: Unchangeable passwords

From: Tim Smith (
Date: 10/05/03

  • Next message: Tim Smith: "Re: Unchangeable passwords"
    Date: Sun, 05 Oct 2003 07:37:20 GMT

    In article <>, Philip Juels
    > Anyone have advice on the efficacy of assiging users randomly generated
    > passwords and then preventing them from changing their password.

    Well, on the one hand, it means no one can pick a stupid a password, and so
    if anyone tries a dictionary attack on you, you will be pretty safe.

    On the other hand, it means your user's passwords are going to be written
    down on pieces of paper stuck to the monitors, meaning that anyone who can
    socially engineer their way into your facility will have an easy time.

    Evidence Eliminator is worthless.  See
    --Tim Smith

  • Next message: Tim Smith: "Re: Unchangeable passwords"