Re: Incorrect Login Attempts Software
- From: "Ben M. Schorr - MVP (OneNote)" <bens@xxxxxxxxxxxxxxxx>
- Date: Sun, 15 Jun 2008 20:37:40 +0000
Long passphrases don't have to be difficult to remember; even with the complexity requirements.
"My 2 dogs are cute!" is 19(?) characters long, mixed case, with numbers and symbols. You might not even need the exclamation point due to the spaces.
If the user really can't remember the passphrase then a reminder such as "What are the dogs?" could be written on a Post-It and not overtly give away what the passphrase is.
"Star Trek 4 was the BEST one"
"3 More Years - Retire"
"Me+Her=2Smiles"
Lots of easy passphrases that can meet the requirements and that nobody is going to easily guess or brute force.
--
-Ben-
Ben M. Schorr, MVP
Roland Schorr & Tower
http://www.rolandschorr.com
http://www.officeforlawyers.com
"Anteaus" <Anteaus@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:756EAFC8-EE43-4B9F-A1EE-2ACE5643656F@xxxxxxxxxxxxx:
Issue here is that there is a 'watershed point' at which passwords become
non-memorable. People then start writing passwords on post-its attached to
displays. At this point the security of the system plummets.
This is particularly true with 'complexity requirements' which require
numbers, capitals and punctuation, since these prevent the use of a memorable
passphrase.
"Steve Riley [MSFT]" wrote:
> Just use good passwords (I like length better than complexity) and do away
> with account lockout policies completely.
.
- Prev by Date: Re: Incorrect Login Attempts Software
- Next by Date: Re: Incorrect Login Attempts Software
- Previous by thread: Re: Incorrect Login Attempts Software
- Next by thread: Re: Incorrect Login Attempts Software
- Index(es):
