On Tuesday 29 September 2009 10:30:37 John A. Sullivan III wrote: > Second, I believe we saw a way we could map the Asterisk password to the > regular user password (it's been a while so I'm not sure about that) but > were concerned about the problems of entering secure passwords from a > phone keypad. We enforce fairly secure passwords - at least nine > characters with some variety of characters and encourage much longer > passwords. Having to enter lots of characters in both cases as well as > symbols seemed difficult from a phone keypad. Thus, we decided > (reluctantly) to use separate simple passwords for phone access instead > of the very secure passwords we use to data access.
I would hope that you're at least restricting your peers to be limited to a set of IPs distinctive to your phones. Otherwise, this is a recipe for disaster, especially if a) your registration server is accessible externally, and b) your phones are permitted to make toll calls, especially international numbers. Most good IP phones permit a method of configuration which does not require typing a password into a keypad. You should probably learn to use that method or switch to a phone with that ability, then use secure passwords. Phones are just as important as data and should be supplied with complex passwords. -- Tilghman Lesher Digium, Inc. | Senior Software Developer twitter: Corydon76 | IRC: Corydon76-dig (Freenode) Check us out at: www.digium.com & www.asterisk.org _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2009 - October 13 - 15 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
