Educause Security Discussion mailing list archives
Re: Password Security
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Thu, 25 Oct 2007 05:48:59 -0400
On Tue, 23 Oct 2007 11:03:55 PDT, Steven Alexander said:
Ascribing to a bad practice may make you liable for negligence, but it won't change the damages once you're negligent. Except in egregious cases where punitive damages come into play, which is unlikely here,
But keep reading...
... I don't see why prior notice would be an issue here.
Prior notice may matter because "they were *told* it was a Bad Idea and they went ahead and intentionally did it *anyhow*" is the sort of thing that changes regular everyday negligence into the sort that has "reckless" and "egregious" attached to it, and then the punitive damages come into play. The easiest way to combat this - ask the people who are suggesting it: "How worried are you that if your wallet is lost, your ATM card would be used to drain your account before you got the bank on the phone? OK, now how worried would you be if you had written your PIN on the front of the card?"
Attachment:
_bin
Description:
Current thread:
- Re: Password Security, (continued)
- Re: Password Security Doug Markiewicz (Oct 23)
- Re: Password Security Jim Dillon (Oct 23)
- Re: Password Security David Seidl (Oct 23)
- Re: Password Security Vicky Walker (Oct 23)
- Re: Password Security Christopher Webber (Oct 23)
- Password Security Mclaughlin, Kevin (mclaugkl) (Oct 24)
- Re: Password Security David Kovarik (Oct 24)
- Re: Password Security Paul Russell (Oct 24)
- Re: Password Security Shalla, Kevin (Oct 24)
- Re: Password Security Gary Dobbins (Oct 24)
- Re: Password Security Valdis Kletnieks (Oct 25)
- Re: Password Security Scholz, Greg (Oct 25)