Educause Security Discussion mailing list archives
Re: Password Expatriation notification
From: Charles Buchholtz <chip+educause () SEAS UPENN EDU>
Date: Thu, 19 Aug 2010 15:49:39 -0400
On Thu, Aug 19, 2010 at 12:04:30PM -0700, Alex Keller wrote:
re: I've watched people who have trouble typing try to enter passwords and pass-phrases. When every character takes 5 seconds to type, a 9 character password is much easier than a 16 character pass-phrase. however, it is often easier for people to type passphrases (even poor typists) becuase the keystrokes are familiar. i am not a great typist and i can type "Should we go back to the moon?" much faster than "vf$1048Za".
I agree - it is difficult to predict who will prefer pass-phrases and who will prefer passwords. For people going to pass-phrases, are you preventing people from picking common catch-phrases? I'm not seeing brute force pass-phrase guessing attacks, but I'd prefer to learn from history and build in my defense now. I liked the idea of Googling the pass-phrase (in quotes) and counting the hits, but that would involve sending all of our passwords in clear over the internet from our password management machine's IP. It's too bad - Google makes a really good password/passphrase vetter. --- Chip Charles H. Buchholtz Director of Systems Programming chip () seas upenn edu School of Engineering and Applied Science http://www.seas.upenn.edu/~chip University of Pennsylvania
Current thread:
- Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification, (continued)
- Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification SCHALIP, MICHAEL (Aug 19)
- Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification Walter Moore (Aug 19)
- Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification Valdis Kletnieks (Aug 19)
- Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification Charles Buchholtz (Aug 19)
- Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification Valdis Kletnieks (Aug 19)
- Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification Charles Buchholtz (Aug 19)
- Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification Eric Case (Aug 19)
- Re: (***POSSIBLE SPAM***) Re: [SECURITY] Password Expatriation notification Deke Kassabian (Aug 19)
- Re: Password Expatriation notification Alex Keller (Aug 19)
- Re: Password Expatriation notification SCHALIP, MICHAEL (Aug 19)
- Re: Password Expatriation notification Charles Buchholtz (Aug 19)
- Re: Password Expatriation notification Eric Case (Aug 19)
- Re: Password Expatriation notification charlie derr (Aug 19)
- Re: Password Expatriation notification Eric Case (Aug 19)
- Re: Password Expatriation notification James Farr '05 (Aug 19)
- Re: Password Expatriation notification SCHALIP, MICHAEL (Aug 19)
- Re: Password Expatriation notification Eric Case (Aug 19)
- Re: Password Expatriation notification Eric Case (Aug 19)
- Re: Password Expatriation notification Morrow Long (Aug 19)
- Re: Password Expatriation notification Allison Dolan (Aug 19)
- Re: Password Expatriation notification Ullman, Catherine (Aug 19)