[TriLUG] Securely and Accurately transmit passwords

[Jeremy Portzer]

Chris Knowles wrote:

> Recently we've started seeing that they've taken these cards, taped them
> into their laptops in plain sight.  (And occasionally annotated them
> with much too much information as to what that password would buy you.)
> 
> Since the passwords are complex, phone conversations tend to lead to a
> lot of phonetic spelling and shouting.  

Maybe the problem is the passwords are TOO complex requiring all but the 
most anal sysadmin to refer to a written reference?  Maybe you could 
consider simplifying them a bit so people can more easily remember them? 
  E.g. something like "2 of the 3:  digit, capital letter, or symbol." 
Something like "Must contain at least 2 of each:  digit, capital 
letters, and symbols" is much harder to deal with.

Also, do users pick their passwords or do you pick them arbitrarily?

There are a lot of 'social' aspects to password complexity schemes that 
are interesting to study.  I don't know the state-of-the-art here.

--Jeremy