Security Basics mailing list archives

RE: Security procedure question

From: "Cort Boecking" <cort.boecking () lottery ok gov>
Date: Mon, 2 Oct 2006 14:37:49 -0500

We had our users write their passwords down without a corresponding
username, if they had to, and keep them in their wallet or purse like a
credit card.  We taught them this method in security awareness classes.
We had very good success with this.  We also went around the office
periodically to ensure that they were not hiding those passwords in
their office area. 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Pranav Lal
Sent: Saturday, September 30, 2006 8:33 AM
To: security-basics () securityfocus com
Subject: RE: Security procedure question

Hi all,

I remember reading somewhere that one practice for having strong
passwords was to allow the users to write them down but treat the paper
on which they were written like a credit card. If I remember correctly,
the argument went that since people don't leave credit cards lying
around, they would not leave their passwords lying around either.

Has anyone tried this approach?

Pranav


------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has
designated Norwich University a center of Academic Excellence in
Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting
experience. 
Using interactive e-Learning technology, you can earn this esteemed
degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------

Current thread:

RE: Security procedure question Pranav Lal (Oct 02)
- RE: Security procedure question Cort Boecking (Oct 03)
- Re: Security procedure question Mario A. Spinthiras (Oct 03)
  - RE: Security procedure question Nick Duda (Oct 03)
- Re: Security procedure question dubz (Oct 03)
- <Possible follow-ups>
- RE: Security procedure question Jordan Jason (Oct 03)
- RE: Security procedure question Maqhinga Sikhosana (Oct 03)
- RE: Security procedure question missy . augustine (Oct 03)
  - Re: Security procedure question Nic Stevens (Oct 03)
  - Re: Security procedure question Mario A. Spinthiras (Oct 04)
- RE: Security procedure question Craig Wright (Oct 05)