[IP] more on MS Security says to write down your passwords?!?!

To: Ip ip <ip@xxxxxxxxxxxxxx>
Subject: [IP] more on MS Security says to write down your passwords?!?!
From: David Farber <dave@xxxxxxxxxx>
Date: Tue, 24 May 2005 04:41:42 -0400
List-help: <http://v2.listbox.com/doc/help_sub?list_name=ip@v2.listbox.com>
List-id: <ip@xxxxxxxxxxxxxx>
List-software: listbox.com v2.0
List-subscribe: <mailto:subscribe-ip@v2.listbox.com>, <http://v2.listbox.com/subscribe/?listname=ip@v2.listbox.com>
List-unsubscribe: <mailto:unsubscribe-ip@v2.listbox.com>, <http://v2.listbox.com/member/unsubscribe/?listname=ip@v2.listbox.com>
References: <6.2.1.2.2.20050523152657.02bffaa8@xxxxxxxxxxxxxxxxxxxxxxx>
Reply-to: dave@xxxxxxxxxx
Sender: owner-ip@xxxxxxxxxxxxxx



Begin forwarded message:

From: Bob Hinden <bob.hinden@xxxxxxxxx>
Date: May 23, 2005 6:58:27 PM EDT
To: dave@xxxxxxxxxx
Cc: Bob Hinden <bob.hinden@xxxxxxxxx>
Subject: Re: [IP] MS Security says to write down your passwords?!?!


Dave,

Microsoft security guru: Jot down your passwords

There is a real problem here and he is probably correct. We areinstructed to use hard to forge passwords (i.e., not in thedictionary, mixture of letters and number, etc.), we are not supposedto write them down, we need to have passwords on many differentsystems, and we are supposed to changed them periodically. Notsurprisingly, this just isn't possible.

I think it is better to write down passwords than to use passwordsthat are easy to guess. The best method I have seen for this is tohave all the passwords start or end with the same character(s) andnot write down these character(s) in the list.

Personally I do a range of things to manage my passwords. I use highquality password for accounts where my money is involved, mediumquality for sites that might retain my credit cards, and low qualitypasswords for things where it doesn't matter too much (these areusually duplicated), and I write down the passwords for accounts Idon't use too often and am likely to forget.

Where I work, they make me change my password much too often anddon't allow the reuse of the previous dozen passwords. I think thisactually reduces the security because it encourages people to writedown passwords and/or use trivial passwords. The scheme I came upwith was to have a constant set of numbers and letters and rotate theletters through the numbers every time they make me change thepassword. This makes it easier for me to remember it, but stillresults in reasonable quality. BTW, once recently when I was goingthrough airport security, they made me show that my laptop wasworking. This, of course, was the time that the disk encryptionsoftware decided it was time for me to change my password. What fun....


Bob






-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/

Prev by Date: [IP] more on READ more on Viruses
Next by Date: [IP] Latest Internet attack holds computer files hostage
Previous by thread: [IP] more on READ more on Viruses
Next by thread: [IP] Latest Internet attack holds computer files hostage
Index(es):
- Date
- Thread