funsec mailing list archives
Re: funsec Digest, Vol 14, Issue 31
From: Randall Mueller <randallm () fidmail com>
Date: Tue, 17 Oct 2006 20:56:37 -0500
----------------------------------------------------------------------

Message: 1
Date: Tue, 17 Oct 2006 23:23:29 +0100 (BST)
From: Drsolly <drsollyp () drsolly com>
Subject: Re: [funsec] 1 in 3 workers write down passwords
To: Dude VanWinkle <dudevanwinkle () gmail com>
Cc: "FunSec [List]" <funsec () linuxbox org>
Message-ID: <Pine.LNX.4.44.0610172318180.16198-100000 () ns2 drsolly com>
Content-Type: TEXT/PLAIN; charset=US-ASCII

No, that undermines security.

People who need three dozen passwords and have believed this silly rule
about not writing them down, have to:

1) Choose trivially easy passwords if they're allowed to (eg, password =
username)
2) Choose the same password on every system they use

People who enforce the silly rule about not writing them down, and enforce
a change every month:

1) Have not understood how passwords get compromised
2) Probably have a lot more passwords to remember than the average user,
and so - write them down.
3) Have become accustomed to being phoned up and asked for the password,
and have become accustomed to give out the password on request.

Writing down should be taught alongside "Fudging" your password. Best dang thing I ever heard of. If you haven't heard of this, it is adding extra numbers or letters that are your "Fudging" letters. Now the user simply has to look at the written-down password and only remember their "fudge" letters and not enter those. Like "m8ypaFss3word": I only have to remember the 8, F and 3. Remove them and there you have it, "mypassword". Love it.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
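
As an added example (not part of the original post), the Python sketch below applies the "fudge" scheme to the note from the message and measures how much margin it leaves if the note is read by someone who knows the scheme. The function names are hypothetical, chosen for this illustration.

```python
from itertools import combinations
from math import comb

# The written-down note and the real password, both taken from the post above.
WRITTEN = "m8ypaFss3word"
REAL = "mypassword"


def unfudge(written, fudge_positions):
    """Drop the fudge characters (0-based positions) from the written note."""
    skip = set(fudge_positions)
    return "".join(c for i, c in enumerate(written) if i not in skip)


def candidates(written, k):
    """Every distinct string left after deleting exactly k characters."""
    positions = range(len(written))
    return {unfudge(written, pos) for pos in combinations(positions, k)}


def exposure(written, max_fudge):
    """Map each fudge count k in 1..max_fudge to a pair:
    (ways to choose k positions, distinct resulting strings).
    The second number is the real size of the guessing space; it is
    smaller than the first whenever the note has repeated characters.
    """
    return {
        k: (comb(len(written), k), len(candidates(written, k)))
        for k in range(1, max_fudge + 1)
    }


if __name__ == "__main__":
    # The owner remembers the 8, F and 3, which sit at indexes 1, 5 and 8.
    print(unfudge(WRITTEN, [1, 5, 8]))
    for k, (choices, distinct) in exposure(WRITTEN, 3).items():
        print(f"{k} fudge chars: {choices} position choices, "
              f"{distinct} distinct candidates")
```

With three fudge characters in a 13-character note the guessing space is a few hundred strings, so fudging slows down a casual reader of the note but does not replace keeping the note somewhere safe.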