nanog mailing list archives
Re: AD and enforced password policies
From: Michael Thomas <mike () mtcc com>
Date: Tue, 03 Jan 2012 05:31:12 -0800
On 01/03/2012 05:09 AM, Greg Ihnen wrote:
A side issue is the people who use the same password at fuzzykittens.com as they do at bankofamerica.com. Of course fuzzykittens doesn't need high security for their password management and storage. After all, what's worth stealing at fuzzykittens? All those passwords. I use and recommend a popular password manager, so I can have unique strong passwords without making a religion out of it.

Greg
I've been doing something with my site/app (phresheez) that is helpful on that front: instead of having them use their password, the app auto-generates a password for the user instead. I did this mainly for convenience -- users hate typing on their phones -- but it has the nice property that you don't have a domino effect if a password on my site is compromised. Since most browsers auto-remember your passwords anyway, it even works in the web world too. For most need-to-join sites, I think this is a pretty reasonable solution. Maybe not for, oh say, financial sites where password recovery is a little bit scarier, but for the run-of-the-mill app/site... it seems that this solution at least solves the domino problem.

Mike
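A sketch of the scheme described in the message above, added here as an example (not code from the post or from phresheez): the site generates a random password per account, hands it back once for the app or browser to remember, and keeps only a salted verifier. The `Site` class, the account names, the work factor and the choice of PBKDF2 for storage are assumptions of this example.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 100_000  # assumed work factor for this sketch


class Site:
    """Constructed stand-in for one site's account store (hypothetical)."""

    def __init__(self, name):
        self.name = name
        self._accounts = {}  # username -> (salt, verifier); never the password

    def enroll(self, username):
        """Generate the password for the user and return it once, for the
        app or browser password store to remember."""
        password = secrets.token_urlsafe(24)  # 24 random bytes, 32 characters
        salt = secrets.token_bytes(16)
        self._accounts[username] = (salt, self._derive(password, salt))
        return password

    def verify(self, username, password):
        record = self._accounts.get(username)
        if record is None:
            return False
        salt, verifier = record
        # Constant-time comparison of the stored and recomputed verifier.
        return hmac.compare_digest(verifier, self._derive(password, salt))

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def domino_check():
    """Return (own_site_ok, reused_elsewhere_ok) for one user on two sites."""
    site_a, site_b = Site("site-a.example"), Site("site-b.example")
    pw_a = site_a.enroll("alice")
    site_b.enroll("alice")  # same user, independently generated password
    # A credential leaked from site A is tried against site B.
    return site_a.verify("alice", pw_a), site_b.verify("alice", pw_a)


if __name__ == "__main__":
    print(domino_check())
```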