Re: Security procedure question

["Mario A. Spinthiras" <mario () netway com cy>]

Saqib Ali wrote:
> > You might also check out our paper for '02 - "Strong Passwords are an
> > Oxymoron"
>
> I don't buy this. Try using "cryptographically strong but
> Pronounceable password", and provide a SSO solution to the user. More
> details at:
> http://www.xml-dev.com/blog/index.php?action=viewtopic&id=122
>
> Single Sign On is a must if you want to enforce strong password 
> policy....
Good morning Saqib,

That makes two of us. My thoughts exactly!! A requirement for passwords 
is definately not if one can pronounce it. Id feel safer if a user COULD 
NOT pronounce it. That makes it extra safe for a user not to give it 
away verbally but then again it could increase the risk of it being 
written down. Therefore I suggest a compromise between the two since 
end-user stupidity cannot be avoided. No more thoughts on this for now 
since its early in the morning and I havent even had coffee yet. :)


Many Thanks,
Mario A. Spinthiras


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------