Educause Security Discussion mailing list archives

Re: Please do not change your password


From: Allison Dolan <adolan () MIT EDU>
Date: Thu, 15 Apr 2010 12:04:34 -0400

Good point! Given the number of security professionals who write
down passwords, this is a case of 'do as I say, not as I do'...

......Allison Dolan (617-252-1461)



On Apr 15, 2010, at 11:24 AM, Steve Werby wrote:

I consider the biggest password related failure of the information
security community to be that we demand that users memorize their
passwords (or alternately "don't write them down").  Sure, we don't
want them to attach them to their monitor or hide them under their
keyboard, but do we really believe there's a significant risk if
they're kept in their wallet inside their pocket and written down
in a way that doesn't clearly reveal them?  Or storing them in an
encrypted password vault?  We're causing them to re-use passwords
(http://www.sophos.com/blogs/gc/g/2009/03/10/password-website/) or
create passwords that follow a similar format, which puts the
systems we're trying to protect at significant risk.

Long + unique + write them down securely

