Or you could make the rules so complex that there is only one valid password.

Nigel

On 9/1/07 15:11, "Ted MacNEIL" <[EMAIL PROTECTED]> wrote:

>> Why don't they use single sign-on and passtickets? Also, the fact that they
>> pander to what people want doesn't make "what people want" good.
>
> What people want is to be able to sign on easily, and not have to call
> somebody because the rules make it difficult to remember passwords.
>
> This kind of cr*p is what makes IT difficult to the business (the people we are
> here to serve; not the other way around).
>
> Have you ever seen somebody try to manage their sign-ons in 'over-secure'
> sites?
> I have! It isn't pretty!
>
> No wonder people start using sticky notes.
> Instead of carping about what they should be doing, let's attempt the unique.
> Let's make it easy to use a secure system, rather than insisting on difficult
> to use rules.
>
> A minimum length (6+).
> A maximum period before you have to change.
> An "N" strikes rule.
>
> Let's see a dictionary attack get through that!
>
>
> Yaw tee pucketty!
> Rum ting clue!
> Ni! Ni! Ni!
> Arrooo!
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html

