Educause Security Discussion mailing list archives

Re: Student paper "editorial" on robust passwords

From: "David Wall @ Yozons, Inc." <david.wall () YOZONS COM>
Date: Thu, 23 Sep 2004 09:49:39 -0700

The more robust the password policy, often the less secure the system becomes.  It is funny to see that the policy so 
onerous, but they end with the note, " You can also help to protect your own identity by not giving your password away 
to others."  Therein lies the rub.  And with such hard to remember passwords, you can be sure they'll be written down.  
It's also funny that they remember the previous 10 passwords, but then don't require a user to change their password, 
so users will never change their passwords.  The question I'd like to know is how they store those 10 passwords they've 
remembered.  We'll probably find they are simply stored in the clear in the database <wink>

David

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/groups/.

Current thread:

Student paper "editorial" on robust passwords Dan Updegrove (Sep 23)
- <Possible follow-ups>
- Re: Student paper "editorial" on robust passwords David Wall @ Yozons, Inc. (Sep 23)
- Re: Student paper "editorial" on robust passwords Gordon D. Wishon (Sep 23)
- Re: Student paper "editorial" on robust passwords Lucas, Bryan (Sep 23)
- Re: Student paper "editorial" on robust passwords Ron Parker (Sep 23)
- Re: Student paper "editorial" on robust passwords Arlene Yetnikoff (Sep 23)
- Re: Student paper "editorial" on robust passwords Lucas, Bryan (Sep 23)
- Re: Student paper "editorial" on robust passwords Ryan Matteson (Sep 23)
- Re: Student paper "editorial" on robust passwords David Wall @ Yozons, Inc. (Sep 23)
- Re: Student paper "editorial" on robust passwords David L. Wasley (Sep 24)
- Re: Student paper "editorial" on robust passwords Kevin Shalla (Sep 24)