Re: Linking Password Length to Write-down probability

[Nick Owen <nickowen () mindspring com>]

I think the problem with writing them done is where you put them. Most
people would tend to put them under their mousepad.  I have read that
Bruce Schneier recommends putting it in your wallet.  That's ok, as long
as you don't write down your banking password, keep it next to your ATM
card and lose you wallet ;).

Nick

Gonzalo Martinez wrote:
> Hi Stian
>
> A few days ago i read a post at slashdot:
>
> "Microsoft's senior program manager for security policy, Jesper
> Johansson, presents a provocative but interesting view on password
> policy: He claims that prohibiting users from writing down their
> passwords is bad for security. His main point is that if users are
> prohibited from writing down their passwords, they will use the same
> easy to guess password everywhere." From the article: "Since not all
> systems allow good passwords, I am going to pick a really crappy one,
> use it everywhere and never change it...If I write them down and then
> protect the piece of paper--or whatever it is I wrote them down
> on--there is nothing wrong with that. That allows us to remember more
> passwords and better passwords."
> http://it.slashdot.org/article.pl?sid=05/05/24/2047228&tid=172
>
> IMHO as a good BOFH you _MUST_ requiere that all employes use an
> alphanumeric password (8 or 10 chars minimun)... if they dont his
> emails, files, or anything else can be redirected to /dev/null ;)
> No, seriously, i never heard of a "scientific analytical/statistical
> research"  about this subject.
> But take a look at the post on slashdot
>
> good bye

-- 

Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor