Re: SECURITY Digest - 15 Oct 2009 to 16 Oct 2009 (#2009-236)

[Geoff Nathan <geoffnathan () WAYNE EDU>]

Matt said:

> I tend use truly random passwords from a
> generator or those similar in style to what Don
> mentioned.

It's of course ideal to use long, random, meaningless strings as passwords. It's also ideal to have a different 
password for each application (server, e-mail, banking site, etc. etc.) that we log into. But I have two e-mail 
accounts (three if we include the one that AT&T gives me as part of my home setup), a Wayne State single sign-on 
password, my bank, my credit card, my retirement accounts, and then the less risky ones like Amazon, Zagat, Cooks 
Illustrated, Tripit, and I could go on (as in fact I have...)
It's simply impossible to remember all these, unless I repeat the passwords, or use a password wallet (which itself is 
clumsy, and requires its own password). As others have said, the password paradigm is broken, and, as long as 
two-factor is too expensive we're going to continue to have trouble, and it's not the users' fault. We can't ask them 
to do twelve impossible things before breakfast and slap their wrists when they don't. Eventually they will slap back, 
and they will be right.

Geoffrey S. Nathan
Faculty Liaison, C&IT
and Associate Professor, Linguistics Program
Wayne State University
Detroit MI 48230
+1 (313) 577-1259 (C&IT)
+1 (313) 577-8621 (English/Linguistics)

----- "SECURITY automatic digest system" <LISTSERV () LISTSERV EDUCAUSE EDU> wrote:
> From: "SECURITY automatic digest system" <LISTSERV () LISTSERV EDUCAUSE EDU>
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Sent: Saturday, October 17, 2009 12:00:01 AM GMT -05:00 US/Canada Eastern
> Subject: SECURITY Digest - 15 Oct 2009 to 16 Oct 2009 (#2009-236)
>
> SECURITY Digest - 15 Oct 2009 to 16 Oct 2009 (#2009-236)      LISTSERV mailing list manager   LISTSERV 15.0   

>       

Browse the SECURITY online archives.    

Anti-Virus FilterPowered by the LISTSERV Email List Manager