Re: Please do not change your password

[Kevin Kelly <kelly () WHITMAN EDU>]

Why not use a program like Keepass and use random strong passwords for everything?  I just need to know two passwords, 
one to log on to my computer and the pass phrase to open KeepPass.  KeepPass provides copy and paste of user name and 
passwords, so I don't even know or care what most of my password are.

--
Kevin Kelly
Director, Network Technology
Whitman College

----- Original Message -----
From: "Derek K Tonkin" <Derek_Tonkin () BAYLOR EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Sent: Friday, April 16, 2010 7:48:39 AM
Subject: Re: [SECURITY] Please do not change your password

Which is I said at the end you could create three levels or maybe four but, for instance, I could decide to treat my 
passwords for my cell provider, insurance company, and paypal the same and use one password for all of my online sites 
that have no monetary component.  It still reduces the overhead.

Derek Tonkin

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Valdis 
Kletnieks
Sent: Friday, April 16, 2010 9:28 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Please do not change your password

* PGP Signed by an unknown key

On Fri, 16 Apr 2010 08:49:01 CDT, "Tonkin, Derek K" said:

> I think a lot of the confusion and difficulty could be reduced by losing the
> thinking that each password bif I'm responsible, needs to be differentb.  I
> think this is one of those areas where the cost vs. risk mitigated is badly out
> of balance.  Youbve clearly established that you basically have two sets of
> information, sensitive and non-sensitive.  To me that would indicate the need
> for two passwords.

Except that in most cases, the "sensitive" information can't be treated as
"sensitive to the same constituency", so it can't be blindly lumped
together as "two sets of info".

* Unknown Key
* 0xB4D3D7B0