Bruce Schneier has argued that encryption and passwords are only tools
like anything else.  Most of the real problems come with the people who
are trained or not trained in a more "secure" mindset.

I am an advocate for some password rules.  
Too many rules:
* start to eliminate possibilities.. meaning it becomes easier to "try"
knowing the format.
* makes it needlessly difficult on the users.. who you want to be on
"your side" to be effective.

Too few rules:
* "AAAAAAAA" is just too easy... "MONDAY" isn't much better.
* and "A" is bordering on the criminal

Luckily, any mainframe shop worth anything is going to have password
violation rules probably in the 3 - 6 tries and "your account is
suspended/locked".  Which takes care of the brute force methods of
cracking passwords.  Hopefully, everyone has fairly good controls
surrounding the security data base to avoid scenarios like Walt
described.  

Of course most of the integrated shops should have similar controls on
the WinTel and Unix side as well.

But advocating strong education within your organization for
security/risk consciousness is some of the most effective effort that
can be done.

Don't get me wrong, technology around security is a lot of fun.  But the
only truly secure system is one that no one uses.

Rob Schramm
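
The point above that too many rules "start to eliminate possibilities" can be measured by counting how many passwords a policy still allows. The following is an added example, not part of the original post; the length of 8, the 39-symbol alphabet (A-Z, 0-9 and three national characters) and the three stacked rules are assumptions chosen for illustration.

```python
from math import log2

# Assumed alphabet (not from the post): uppercase letters, digits and three
# national characters, i.e. 39 symbols, with an assumed length of 8.
CLASSES = {"upper": 26, "digit": 10, "national": 3}
LENGTH = 8

def count_passwords(length, classes, require_all=False,
                    no_adjacent_repeat=False, first_class=None):
    """Count the strings of `length` that a composition policy still allows."""
    names = list(classes)
    full = (1 << len(names)) - 1
    # State: (bitmask of classes used so far, class of last char) -> count.
    states = {(1 << i, i): classes[n] for i, n in enumerate(names)
              if first_class in (None, n)}
    for _ in range(length - 1):
        nxt = {}
        for (mask, last), total in states.items():
            for i, n in enumerate(names):
                # Repeating the previous character removes one choice.
                choices = classes[n] - (no_adjacent_repeat and i == last)
                if choices > 0:
                    key = (mask | 1 << i, i)
                    nxt[key] = nxt.get(key, 0) + total * choices
        states = nxt
    return sum(t for (mask, _), t in states.items()
               if not require_all or mask == full)

def bits_lost(unrestricted, allowed):
    """Entropy removed by the policy, in bits, for a uniformly random choice."""
    return log2(unrestricted / allowed)

def policy_report(length=LENGTH, classes=CLASSES):
    """Stack three hypothetical rules and return (label, count, bits lost)."""
    base = count_passwords(length, classes)
    both = {"require_all": True, "no_adjacent_repeat": True}
    policies = [
        ("no rules", {}),
        ("one of each class", {"require_all": True}),
        ("+ no doubled characters", both),
        ("+ must start with a letter", {**both, "first_class": "upper"}),
    ]
    return [(label, n, bits_lost(base, n)) for label, rules in policies
            for n in [count_passwords(length, classes, **rules)]]

if __name__ == "__main__":
    for label, allowed, lost in policy_report():
        print(f"{label:28s} {allowed:>16,d} allowed  -{lost:.2f} bits")
```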


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
