Educause Security Discussion mailing list archives

Re: Password Security

From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 25 Oct 2007 05:48:59 -0400

On Tue, 23 Oct 2007 11:03:55 PDT, Steven Alexander said:

Ascribing to a bad practice may make you liable for negligence, but it
won't change the damages once you're negligent.  Except in egregious
cases where punitive damages come into play, which is unlikely here,


But keep reading...

...
I don't see why prior notice would be an issue here.


Prior notice may matter because "they were *told* it was a Bad Idea and they
went ahead and intentionally did it *anyhow*" is the sort of thing that changes
regular everyday negligence into the sort that has "reckless" and "egregious"
attached to it, and then the punitive damages come into play.

The easiest way to combat this - ask the people who are suggesting it:

"How worried are you that if your wallet is lost, your ATM card would be
used to drain your account before you got the bank on the phone?  OK, now
how worried would you be if you had written your PIN on the front of the
card?"

Attachment: _bin
Description:

Current thread:

Re: Password Security, (continued)
- Re: Password Security Doug Markiewicz (Oct 23)
- Re: Password Security Jim Dillon (Oct 23)
- Re: Password Security David Seidl (Oct 23)
- Re: Password Security Vicky Walker (Oct 23)
- Re: Password Security Christopher Webber (Oct 23)
- Password Security Mclaughlin, Kevin (mclaugkl) (Oct 24)
- Re: Password Security David Kovarik (Oct 24)
- Re: Password Security Paul Russell (Oct 24)
- Re: Password Security Shalla, Kevin (Oct 24)
- Re: Password Security Gary Dobbins (Oct 24)
- Re: Password Security Valdis Kletnieks (Oct 25)
- Re: Password Security Scholz, Greg (Oct 25)