Educause Security Discussion mailing list archives
Re: Please do not change your password
From: Kevin Kelly <kelly () WHITMAN EDU>
Date: Fri, 16 Apr 2010 13:17:32 -0700
Why not use a program like Keepass and use random strong passwords for everything? I just need to know two passwords, one to log on to my computer and the pass phrase to open KeepPass. KeepPass provides copy and paste of user name and passwords, so I don't even know or care what most of my password are. -- Kevin Kelly Director, Network Technology Whitman College ----- Original Message ----- From: "Derek K Tonkin" <Derek_Tonkin () BAYLOR EDU> To: SECURITY () LISTSERV EDUCAUSE EDU Sent: Friday, April 16, 2010 7:48:39 AM Subject: Re: [SECURITY] Please do not change your password Which is I said at the end you could create three levels or maybe four but, for instance, I could decide to treat my passwords for my cell provider, insurance company, and paypal the same and use one password for all of my online sites that have no monetary component. It still reduces the overhead. Derek Tonkin -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis Kletnieks Sent: Friday, April 16, 2010 9:28 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Please do not change your password * PGP Signed by an unknown key On Fri, 16 Apr 2010 08:49:01 CDT, "Tonkin, Derek K" said:
I think a lot of the confusion and difficulty could be reduced by losing the thinking that each password bif I'm responsible, needs to be differentb. I think this is one of those areas where the cost vs. risk mitigated is badly out of balance. Youbve clearly established that you basically have two sets of information, sensitive and non-sensitive. To me that would indicate the need for two passwords.
Except that in most cases, the "sensitive" information can't be treated as "sensitive to the same constituency", so it can't be blindly lumped together as "two sets of info". * Unknown Key * 0xB4D3D7B0
Current thread:
- Re: Please do not change your password, (continued)
- Re: Please do not change your password John Ladwig (Apr 15)
- Re: Please do not change your password Geoff Nathan (Apr 16)
- Re: Please do not change your password Allison Dolan (Apr 16)
- Re: Please do not change your password Tonkin, Derek K (Apr 16)
- Re: Please do not change your password Valdis Kletnieks (Apr 16)
- Re: Please do not change your password Tonkin, Derek K (Apr 16)
- Re: Please do not change your password Koerber, Jeff (Apr 16)
- Re: Please do not change your password Eric Case (Apr 16)
- Re: Please do not change your password Matthew Gracie (Apr 16)
- Re: Please do not change your password Steve Werby (Apr 16)
- Re: Please do not change your password Kevin Kelly (Apr 16)
- Re: Please do not change your password Russell Fulton (Apr 17)