Re: funsec Digest, Vol 14, Issue 31

[Randall Mueller <randallm () fidmail com>]

> ----------------------------------------------------------------------
>
> Message: 1
> Date: Tue, 17 Oct 2006 23:23:29 +0100 (BST)
> From: Drsolly <drsollyp () drsolly com>
> Subject: Re: [funsec] 1 in 3 workers write down passwords
> To: Dude VanWinkle <dudevanwinkle () gmail com>
> Cc: "FunSec \[List\]" <funsec () linuxbox org>
> Message-ID: <Pine.LNX.4.44.0610172318180.16198-100000 () ns2 drsolly com>
> Content-Type: TEXT/PLAIN; charset=US-ASCII
>
>
> No, that undermines security.
>
> People who need three dozen passwords and have believed this silly  
> rule
> about not writing them down, have to:
>
> 1) Choose trivially easy passwords if they're allowed to (eg,  
> password =
> username)
>
> 2) Choose the same password on every system they use
>
>
> People who enforce the silly rule about not writing them down, and  
> enforce
> a change every month:
>
> 1) Have not understood how passwords get compromised
>
> 2) Probably have a lot more passwords to remember than the average  
> user,
> and so - write them down.
>
> 3) Have become accustomed to being phoned up and asked for the  
> password,
> and have become accustomed to give out the password on request.


Writing down should be taught along side of "Fudging" your password.  
Best dang thing I ever heard of.
If you haven't heard of this it is adding extra numbers or letters  
that are your "Fudging" letters. Now the user simply has to
look at the written down password and only remember their "fudge"  
letters and not enter those. Like,  "m8ypaFss3word" I only have to  
remember the 8, F and 3. Remove them and their you have it  
"mypassword". Love it.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.