Security Basics mailing list archives

Re: Linking Password Length to Write-down probability


From: Doug.Janelle () Thermo com
Date: Fri, 27 May 2005 12:34:12 -0400



In the real world, we have to accept that, no matter how
easy we try to make it for them to remember passwords,
users *will* write them down. In these cases, I encourage
them to at least obfuscate things a bit...don't make it obvious
what they mean. (IOW: for G**'s sake don't write
"ID=myname, PW=Free4All".)

ID's are usually easy(er) to remember, so just write the
password w/o the "PW=".  Throw in an extraneous character
or two...leave one or two characters out...transpose several
characters...anything to make the written data useless to
anyone who might come across it.

dcj2

He claims that prohibiting users from writing down their
passwords is bad for security. His main point is that if users are
prohibited from writing down their passwords, they will use the same
easy to guess password everywhere.




