Security Basics mailing list archives
Re: Linking Password Length to Write-down probability
From: Nick Owen <nickowen () mindspring com>
Date: Fri, 27 May 2005 17:00:42 -0400
I think the problem with writing them done is where you put them. Most people would tend to put them under their mousepad. I have read that Bruce Schneier recommends putting it in your wallet. That's ok, as long as you don't write down your banking password, keep it next to your ATM card and lose you wallet ;). Nick Gonzalo Martinez wrote:
Hi Stian A few days ago i read a post at slashdot: "Microsoft's senior program manager for security policy, Jesper Johansson, presents a provocative but interesting view on password policy: He claims that prohibiting users from writing down their passwords is bad for security. His main point is that if users are prohibited from writing down their passwords, they will use the same easy to guess password everywhere." From the article: "Since not all systems allow good passwords, I am going to pick a really crappy one, use it everywhere and never change it...If I write them down and then protect the piece of paper--or whatever it is I wrote them down on--there is nothing wrong with that. That allows us to remember more passwords and better passwords." http://it.slashdot.org/article.pl?sid=05/05/24/2047228&tid=172 IMHO as a good BOFH you _MUST_ requiere that all employes use an alphanumeric password (8 or 10 chars minimun)... if they dont his emails, files, or anything else can be redirected to /dev/null ;) No, seriously, i never heard of a "scientific analytical/statistical research" about this subject. But take a look at the post on slashdot good bye
-- Nick Owen WiKID Systems, Inc. 404.962.8983 (desk) 404.542.9453 (cell) http://www.wikidsystems.com At last, two-factor authentication, without the hassle factor
Current thread:
- Linking Password Length to Write-down probability Stian Øvrevåge (May 26)
- RE: Linking Password Length to Write-down probability Ryan Platt (May 27)
- Re: Linking Password Length to Write-down probability Gonzalo Martinez (May 27)
- Re: Linking Password Length to Write-down probability Nick Owen (May 30)
- RE: Linking Password Length to Write-down probability Andrew Aris (May 31)
- Re: Linking Password Length to Write-down probability Nick Owen (May 30)
- RE: Linking Password Length to Write-down probability Miguel Dilaj (May 27)
- Re: Linking Password Length to Write-down probability Nick Owen (May 30)
- Re: Linking Password Length to Write-down probability Mihai Amarandei (May 30)
- <Possible follow-ups>
- Re: Linking Password Length to Write-down probability Doug . Janelle (May 27)
- Re: Linking Password Length to Write-down probability Dan Tesch (May 30)
- RE: Linking Password Length to Write-down probability Bob Kurth (May 27)
- Re: Linking Password Length to Write-down probability John Blackley (May 27)
- RE: Linking Password Length to Write-down probability KWajda (May 30)
- Re: Linking Password Length to Write-down probability Doug . Janelle (May 30)
(Thread continues...)