-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 03/01/2012 06:09 PM, Nico Williams wrote: > I let mailman generate passwords. And I never use them, much less > re-use them. Well, I do use them when I need to change e-mail > addresses, which happens very rarely, and then I start by asking > mailman to send my my passwords because I don't remember them -- I've > done this like once in the past decade.
Perhaps mailman should be changed to require you to use its generated passwords, or better yet, to only generate a password when you ask it to send you your password, and then invalidate it after a few days. So it isn't really a password but a "thunk" of limited value. In this fashion we can be more assured that people aren't re-using passwords with mailman. Because... you and I may know better... the manager at the bank where are money is stored (or the doctors office where are medical records are located) may not know better... ;-) -Jeff - -- _______________________________________________________________________ Jeffrey I. Schiller MIT Technologist, Consultant, and Cavy Breeder Cambridge, MA 02139-4307 617.910.0259 - Voice j...@qyv.net http://jis.qyv.name _______________________________________________________________________ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iD8DBQFPUB+98CBzV/QUlSsRAme0AKD68AevJfdboYC8zd/OeShRtwSS8QCgnRTr oL3z9rBPfkYy3vPLrSdsQ6M= =TPD+ -----END PGP SIGNATURE----- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography