funsec mailing list archives

Re: 1 in 3 workers write down passwords


From: Ron <iago () valhallalegends com>
Date: Tue, 17 Oct 2006 19:37:44 -0500


Dude VanWinkle wrote:
> One in three workers jot down passwords: study
> http://today.reuters.com/news/articlenews.aspx?type=technologyNews&storyID=2006-10-17T205533Z_01_N17230049_RTRUKOC_0_US-LIFE-PASSWORDS.xml&WTmodLoc=TechNewsHome_C1_%5bFeed%5d-9


Hmm, I generally tout myself as a security guy, but I have to admit,
even I do that sometimes.

Generally, when I'm given a password for a remote system that is
something like "7QbbBr2CqqS", I'll write the password, all by itself, on
a yellow sticky note and stick it to my monitor for a week or two, until
I feel like I've memorized it well enough to toss (fine, eat) the note.

I think one of the major issues is: stupid passwords.  I've spent time
at places that have completely asinine password policies (must be 8
characters or longer, letters and numbers and at least 2 symbols, no
spaces, no 2 characters within every 4 characters can be the same, etc.
etc. etc.).  Worse yet, the users are GIVEN a password that looks like
somebody sat on a keyboard, and are expected to memorize it.

I think that we really have to make a request of password-based software:
- Allow spaces
- No maximum length
- Encourage a pass phrase

When I hand out a password, it's usually 16 or so characters long, and
extremely easy to memorize.  Usually, it resembles a line from a song or
television show or something I see in the room.  Then it's nearly
impossible to crack or guess.


I'm probably just rambling.  But I really hate the common password
policies.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
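
Added example, not part of the original post or the list archive: the sketch below runs the same strings through the complexity rules the post lists and through a policy built from its three requests (spaces allowed, no maximum length, pass phrases encouraged). The 16-character minimum, the three-word hint threshold, the function names and all sample strings except "7QbbBr2CqqS" are assumptions made for illustration.

```python
import re

MIN_PHRASE_LEN = 16  # assumption: taken from the post's "16 or so characters"
MIN_WORDS = 3        # assumption: below this, nudge the user toward a phrase

def legacy_violations(pw):
    """Rule violations under the complexity policy described in the post."""
    out = []
    if len(pw) < 8:
        out.append("shorter than 8 characters")
    if not (re.search(r"[A-Za-z]", pw) and re.search(r"[0-9]", pw)):
        out.append("needs letters and numbers")
    if sum(not c.isalnum() and c != " " for c in pw) < 2:
        out.append("needs at least 2 symbols")
    if " " in pw:
        out.append("contains a space")
    # "no 2 characters within every 4 characters can be the same"
    windows = [pw[i:i + 4] for i in range(max(len(pw) - 3, 1))]
    if any(len(set(w)) < len(w) for w in windows):
        out.append("repeated character within a 4-character window")
    return out

def passphrase_check(pw):
    """Policy following the post's three requests.

    Returns (accepted, hints). Length is the only hard rule and there is
    no upper bound; hints encourage a phrase but never reject.
    """
    accepted = len(pw) >= MIN_PHRASE_LEN
    hints = []
    if not accepted:
        hints.append(f"use at least {MIN_PHRASE_LEN} characters")
    if len(pw.split()) < MIN_WORDS:
        hints.append("try a phrase of several words; spaces are allowed")
    return accepted, hints

# Constructed sample inputs; only the first string appears in the post.
SAMPLES = ["7QbbBr2CqqS", "seven green mugs on my desk", "aB3$xY7!", "x" * 300]

def compare(samples=SAMPLES):
    """Map each sample to (legacy violations, passphrase result)."""
    return {pw: (legacy_violations(pw), passphrase_check(pw)) for pw in samples}

if __name__ == "__main__":
    for pw, (legacy, (ok, hints)) in compare().items():
        print(f"{pw[:30]!r}: legacy={legacy or 'ok'} "
              f"passphrase={'ok' if ok else 'rejected'} hints={hints}")
```
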

