Re: 1 in 3 workers write down passwords

["Dude VanWinkle" <dudevanwinkle () gmail com>]

On 10/17/06, Ron <iago () valhallalegends com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Dude VanWinkle wrote:
> > One in three workers jot down passwords: study
> > 
> http://today.reuters.com/news/articlenews.aspx?type=technologyNews&storyID=2006-10-17T205533Z_01_N17230049_RTRUKOC_0_US-LIFE-PASSWORDS.xml&WTmodLoc=TechNewsHome_C1_%5bFeed%5d-9
> >
>
> Hmm, I generally tout myself as a security guy, but I have to admit,
> even I do that sometimes.
>
> Generally, when I'm given a password for a remote system that is
> something like "7QbbBr2CqqS", I'll write the password, all by itself, on
> a yellow sticky note and stick it to my monitor for a week or two, until
> I feel like I've memorized it well enough to toss (fine, eat) the note.
>
> I think one of the major issues is: stupid passwords.  I've spent time
> at places that have completely asinine password policies (must be 8
> characters or longer, letters and numbers and at least 2 symbols, no
> spaces, no 2 characters within every 4 characters can be the same, etc.
> etc. etc.).  Worse yet, the users are GIVEN a password that looks like
> somebody sat on a keyboard, and is expected to memorize it.
>
> I think that we really have to make a request of password-based software:
> - - Allow spaces
> - - No maximum length
> - - Encourage a pass phrase

You are right, AS400 has a ways to go before they get to the level of
MS where password complexity is concerned:-)

-JP

-JP
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.