[TriLUG] Securely and Accurately transmit passwords
Jeremy Portzer
jeremyp at pobox.com
Tue Oct 2 01:02:40 EDT 2007
Chris Knowles wrote:
> Recently we've started seeing that they've taken these cards, taped them
> into their laptops in plain sight. (And occasionally annotated them
> with much too much information as to what that password would buy you.)
>
> Since the passwords are complex, phone conversations tend to lead to a
> lot of phonetic spelling and shouting.
Maybe the problem is the passwords are TOO complex requiring all but the
most anal sysadmin to refer to a written reference? Maybe you could
consider simplifying them a bit so people can more easily remember them?
E.g. something like "2 of the 3: digit, capital letter, or symbol."
Something like "Must contain at least 2 of each: digit, capital
letters, and symbols" is much harder to deal with.
Also, do users pick their passwords or do you pick them arbitrarily?
There are a lot of 'social' aspects to password complexity schemes that
are interesting to study. I don't know the state-of-the-art here.
--Jeremy
More information about the TriLUG
mailing list