[somewhat OT] Re: [TriLUG] Linux Lab
Tom 'spot' Callaway
tcallawa at redhat.com
Mon Nov 4 22:39:52 EST 2002
On Mon, 4 Nov 2002, Mike Johnson wrote:
> > 100 freshmen SSNs may seem immaterial, but not if they are passwords.
> > Makes for a nasty ddos.
>
> Um, I gotta step in here. You point out that one hundred social
> security numbers, complete with names and addresses, are easy to come
> by, and you're worried about access to some silly accounts that could be
> used as a ddos?
Well, sarcasm doesn't flow terribly well across email. Obviously, there
are far worse crimes to be committed with SSNs and corresponding
identifiers. There are also easier ways to get SSNs.

My point was mostly that they make terrible passwords, since a large
percentage of people only change their password if forced to, and the
passwords themselves are in wide use, especially in a University
environment.
> Social security numbers are -supposed- to be secure, they are supposed
> to be -very- protected. While some people don't treat them as
> preciously as they should be, those people are wrong. Now, that doesn't
> mean they should be used as passwords. Banks can mail out PIN numbers,
> why couldn't a university mail out a password?
NCSU is notoriously bad about SSN use. An example: The student IDs still
have the owner's SSN on the barcode.
> Mail them out. Or, hand them out with the student ID.
Valid, however, you suffer from the "but, I lost mine" issues. There
should also be a fallback system where a user with ID can
acquire/re-randomize their password.

All systems can be circumvented, you just don't want to make it easy to do
so.

Hey, we should just move to biometrics. That will solve all the issues. ;)

~spot
---
Tom "spot" Callaway <tcallawa(a)redhat*com> Red Hat Sales Engineer
Sair Linux and GNU Certified Administrator (LCA)
Red Hat Certified Engineer (RHCE)
GPG: D786 8B22 D9DB 1F8B 4AB7 448E 3C5E 99AD 9305 4260
The words and opinions reflected in this message do not necessarily
reflect those of my employer, Red Hat, and belong solely to me.
"Immature poets borrow, mature poets steal." --- T. S. Eliot