Educause Security Discussion mailing list archives

Re: Password Security (more law)

From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 25 Oct 2007 16:48:23 -0400

On Thu, 25 Oct 2007 14:38:38 CDT, Lee Weers said:

How does writing passwords or password hints down any worse than storing
them in a compromised password safe utility?  This is also assuming that
the paper is stored in a "secure" location ie locked desk, on their
person?


The average university has an amazing number of employees that do *not*
have a locked desk or similar long-term storage.  Think maintenance crews,
groundskeepers, food service - all those people who are most likely to *not*
be IT-oriented.  If they leave it at home, it's of no use if they're part of
the not-online-yet world.  And if they bring it to work so they can use
a computer on-site, that means "wallet" or "purse".

         Can't it be argued that storing passwords in a password safe is
writing it down?


Tell you what - I'll be more than happy to accept that argument the first time
you document a 75-pound safe used to store written-down passwords dropping out
of somebody's back pocket.

Attachment: _bin
Description:

Current thread:

Re: Password Security (more law) Steven Alexander (Oct 25)
- <Possible follow-ups>
- Re: Password Security (more law) Valdis Kletnieks (Oct 25)
- Re: Password Security (more law) Lee Weers (Oct 25)
- Re: Password Security (more law) Valdis Kletnieks (Oct 25)
- Re: Password Security (more law) Roger Safian (Oct 26)