Educause Security Discussion mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Please do not change your password

From: "Tonkin, Derek K" <Derek_Tonkin () BAYLOR EDU>
Date: Fri, 16 Apr 2010 09:48:39 -0500
Which is I said at the end you could create three levels or maybe four but, for instance, I could decide to treat my 
passwords for my cell provider, insurance company, and paypal the same and use one password for all of my online sites 
that have no monetary component.  It still reduces the overhead.

Derek Tonkin

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis 
Kletnieks
Sent: Friday, April 16, 2010 9:28 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Please do not change your password

* PGP Signed by an unknown key

On Fri, 16 Apr 2010 08:49:01 CDT, "Tonkin, Derek K" said:


I think a lot of the confusion and difficulty could be reduced by losing the
thinking that each password bif I'm responsible, needs to be differentb.  I
think this is one of those areas where the cost vs. risk mitigated is badly out
of balance.  Youbve clearly established that you basically have two sets of
information, sensitive and non-sensitive.  To me that would indicate the need
for two passwords.


Except that in most cases, the "sensitive" information can't be treated as
"sensitive to the same constituency", so it can't be blindly lumped
together as "two sets of info".

* Unknown Key
* 0xB4D3D7B0
Previous By Date Next
Previous By Thread Next

Current thread: