Educause Security Discussion mailing list archives
Re: Password Security (more law)
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 25 Oct 2007 16:48:23 -0400
On Thu, 25 Oct 2007 14:38:38 CDT, Lee Weers said:
How does writing passwords or password hints down any worse than storing them in a compromised password safe utility? This is also assuming that the paper is stored in a "secure" location ie locked desk, on their person?
The average university has an amazing number of employees that do *not* have a locked desk or similar long-term storage. Think maintenance crews, groundskeepers, food service - all those people who are most likely to *not* be IT-oriented. If they leave it at home, it's of no use if they're part of the not-online-yet world. And if they bring it to work so they can use a computer on-site, that means "wallet" or "purse".
Can't it be argued that storing passwords in a password safe is writing it down?
Tell you what - I'll be more than happy to accept that argument the first time you document a 75-pound safe used to store written-down passwords dropping out of somebody's back pocket.
Attachment:
_bin
Description:
Current thread:
- Re: Password Security (more law) Steven Alexander (Oct 25)
- <Possible follow-ups>
- Re: Password Security (more law) Valdis Kletnieks (Oct 25)
- Re: Password Security (more law) Lee Weers (Oct 25)
- Re: Password Security (more law) Valdis Kletnieks (Oct 25)
- Re: Password Security (more law) Roger Safian (Oct 26)