Re: Good passwords and security priorities
From: sinister (sinister_at_nospam.invalid)
Date: 04/28/05
Date: Wed, 27 Apr 2005 22:52:16 GMT
"Anne & Lynn Wheeler" <lynn@garlic.com> wrote in message
news:m3wtqq4h60.fsf@lhwlinux.garlic.com...
> "sinister" <sinister@nospam.invalid> writes:
>> I have the impression that in many situations, simple but critical
>> security protection measures are overlooked, even though complicated
>> but less vital measures are implemented.
>>
>> Isn't it true that a policy enforcing good passwords is critical,
>> and a set of security policies that overlooks that is flawed?
>
> one big issue is that when using shared-secrets ... the policy
> requires a unique password/pin for every distinct security domain
> (i.e. you don't want the password for online banking, connecting to
> your neighborhood isp, and your employee shared secret to all be the
> same). the proliferation of unique electronic security domains
> sometimes results in a single person required to have scores of unique
> passwords.
>
> many times, a security officer for a specific security domain will
> totally ignore the human factors issues involved when a person is
> required to memorize scores of complex, hard to guess passwords that
> possibly change once a month. a myopic security policy that operates
> as if it is the only security domain ... and is specifying the only
> password that a person is required to memorize ... is overlooking
> real-world reality and human factors. people have a hard enough time
> memorizing a complex password that is changing monthly ... but it
> becomes impossible when a person is faced with scores of such
> situations.

Overall, I don't disagree; I have a list of all my passwords for work and
personal business on my home computer, and it's quite long, which is a real
hassle.

However, at my work nearly all the risk is with break-ins from remote places
in cyberspace. So there's nothing wrong with most users just writing their
password down and leaving it in a desk drawer.

> misc. past postings on shared-secrets
> http://www.garlic.com/~lynn/subpubkey.html#secrets
>
> a couple past postings on a specific password policy recommendation
> http://www.garlic.com/~lynn/2001d.html#52 OT Re: A beautiful morning in
> AFM.
> http://www.garlic.com/~lynn/2001d.html#51 OT Re: A beautiful morning in
> AFM.
>
>
> --
> Anne & Lynn Wheeler | http://www.garlic.com/~lynn/