[TriLUG] Securely and Accurately transmit passwords
MG
mgmonza at gmail.com
Tue Oct 2 12:40:45 EDT 2007
Oddly enough, CBC (Canadian news) ran an article on password security today:
http://www.cbc.ca/news/background/tech/passwords.html
Jeremy Portzer wrote:
> Chris Knowles wrote:
>
>
>> Recently we've started seeing that they've taken these cards, taped them
>> into their laptops in plain sight. (And occasionally annotated them
>> with much too much information as to what that password would buy you.)
>>
>> Since the passwords are complex, phone conversations tend to lead to a
>> lot of phonetic spelling and shouting.
>>
>
> Maybe the problem is the passwords are TOO complex requiring all but the
> most anal sysadmin to refer to a written reference? Maybe you could
> consider simplifying them a bit so people can more easily remember them?
> E.g. something like "2 of the 3: digit, capital letter, or symbol."
> Something like "Must contain at least 2 of each: digit, capital
> letters, and symbols" is much harder to deal with.
>
> Also, do users pick their passwords or do you pick them arbitrarily?
>
> There are a lot of 'social' aspects to password complexity schemes that
> are interesting to study. I don't know the state-of-the-art here.
>
> --Jeremy
>
More information about the TriLUG
mailing list