Re: 1 in 3 workers write down passwords

[Drsolly <drsollyp () drsolly com>]

On Tue, 17 Oct 2006, Dude VanWinkle wrote:

> One in three workers jot down passwords: study
> http://today.reuters.com/news/articlenews.aspx?type=technologyNews&storyID=2006-10-17T205533Z_01_N17230049_RTRUKOC_0_US-LIFE-PASSWORDS.xml&WTmodLoc=TechNewsHome_C1_%5bFeed%5d-9
> http://tinyurl.com/yhbpbv
>
> NEW YORK (Reuters) - One in three people write down computer
> passwords, undermining their security

No, that enhances their security.

, and companies should look to
> more advanced methods, including biometrics, to ensure their systems
> are safe, a new study shows.
>
> A study released on Tuesday by global research firms Nucleus Research
> and KnowledgeStorm found companies' attempts to tighten IT security by
> regularly changing passwords and making them more complex by adding
> numbers as well as letters had no impact on security.

No, that undermines security.

People who need three dozen passwords and have believed this silly rule 
about not writing them down, have to:

1) Choose trivially easy passwords if they're allowed to (eg, password = 
username)

2) Choose the same password on every system they use


People who enforce the silly rule about not writing them down, and enforce 
a change every month:

1) Have not understood how passwords get compromised

2) Probably have a lot more passwords to remember than the average user, 
and so - write them down.

3) Have become accustomed to being phoned up and asked for the password, 
and have become accustomed to give out the password on request.

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.