R.S. writes:
Additional security also raises the price. Almost always.
Additional complexity doesn't always mean additional security,
sometimes the opposite.
any add-on features increase complexity ... complexity increases costs
... complexity also tends to make infrastructures more vulnerable and
fragile ... with failures tending to happen in unexpected ways. I've even
used the analogy between various after-market/add-on security features and
after-market automobile seat belts back in the 60s.
the security (actually almost any characteristic) guideline has been that
it has to be built in as part of the base infrastructure and KISS.
as before, misc. past posts mentioning fraud, vulnerabilities, threats,
exploits, risk
http://www.garlic.com/~lynn/subintegrity.html#fraud
from 3-factor authentication paradigm
http://www.garlic.com/~lynn/subintegrity.html#3factor
* something you have
* something you know
* something you are
...
shared-secrets like pin and passwords
http://www.garlic.com/~lynn/subintegrity.html#secrets
work sort-of ok, as "something you know" authentication when the
person had one (or at most a very few) shared secret to remember. a
problem is the paradigm scales up very poorly. however, a lot of
institutions continue to make believe that they are the one and only
security domain that a user has to deal with (and therefore theirs is
the only password the person needs to remember).
in reality, many people are dealing with scores of unique security
domains and therefore dealing with a large number of places requiring
authentication. when the authentication is a (static) shared-secret,
the requirement is that there be a unique value per security domain
(as countermeasure to cross-domain attacks).
previous posts in this thread
http://www.garlic.com/~lynn/2007b.html#6 Special characters in passwords was Re: RACF - Password rules
http://www.garlic.com/~lynn/2007b.html#8 Special characters in passwords was Re: RACF - Password rules
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
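The post's point that a static shared secret needs a unique value per security domain, and that scores of domains make a memorized password per domain impractical, can be shown with a small script. This is an added example, not code from the post or from any of the linked garlic.com pages; the two domain names, the user, the master secret and the password are constructed sample values, and deriving the per-domain value with HMAC-SHA256 over the domain name (keyed by one memorized master secret) is one possible construction chosen for illustration, not something the post prescribes. It contrasts a reused static password, where a value captured in one domain verifies in another, with per-domain derived values, where it does not.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: one user and two independent security domains.
USER = "alice"
DOMAINS = ("bank.example", "shop.example")


def derive_domain_secret(master_secret: bytes, domain: str) -> str:
    """Derive a distinct authentication value for one security domain.

    HMAC-SHA256 keyed with the single memorized master secret, with the
    domain name as the message: each domain receives a unique value, and a
    value leaked from one domain reveals neither the master secret nor any
    other domain's value. (Illustrative construction, not from the post.)
    """
    return hmac.new(master_secret, domain.lower().encode(), hashlib.sha256).hexdigest()


class SecurityDomain:
    """One relying party's verifier. It stores only salted PBKDF2 hashes."""

    def __init__(self, name: str) -> None:
        self.name = name
        self._store: dict[str, tuple[bytes, bytes]] = {}

    @staticmethod
    def _hash(secret: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

    def enroll(self, user: str, secret: str) -> None:
        salt = secrets.token_bytes(16)
        self._store[user] = (salt, self._hash(secret, salt))

    def verify(self, user: str, secret: str) -> bool:
        if user not in self._store:
            return False
        salt, expected = self._store[user]
        # Constant-time comparison of the recomputed hash against the stored one.
        return hmac.compare_digest(self._hash(secret, salt), expected)


def reused_static_secret_crosses_domains() -> bool:
    """Same static password enrolled in both domains: a value captured in
    one domain (phishing, plaintext leak) also verifies in the other."""
    password = "correct horse battery staple"  # constructed
    bank, shop = (SecurityDomain(d) for d in DOMAINS)
    bank.enroll(USER, password)
    shop.enroll(USER, password)
    captured_at_shop = password
    return bank.verify(USER, captured_at_shop)


def derived_secret_crosses_domains() -> bool:
    """Unique value per domain derived from one memorized secret: a value
    captured in one domain is useless in the other."""
    master = b"constructed master secret, never sent to any domain"
    bank, shop = (SecurityDomain(d) for d in DOMAINS)
    bank.enroll(USER, derive_domain_secret(master, "bank.example"))
    shop.enroll(USER, derive_domain_secret(master, "shop.example"))
    captured_at_shop = derive_domain_secret(master, "shop.example")
    return bank.verify(USER, captured_at_shop)


def derived_secret_verifies_at_own_domain() -> bool:
    """The legitimate user still authenticates at the domain the value was
    derived for, so uniqueness per domain costs nothing in usability."""
    master = b"constructed master secret, never sent to any domain"
    bank = SecurityDomain("bank.example")
    bank.enroll(USER, derive_domain_secret(master, "bank.example"))
    return bank.verify(USER, derive_domain_secret(master, "bank.example"))


if __name__ == "__main__":
    print("reused static password crosses domains:", reused_static_secret_crosses_domains())
    print("derived per-domain value crosses domains:", derived_secret_crosses_domains())
    print("derived value works at its own domain:", derived_secret_verifies_at_own_domain())
```

The user still remembers exactly one secret, which is the scaling the post says static shared secrets lack; what each domain stores and what a phisher at one domain can capture is a value that no other domain accepts, which is the "unique value per security domain" countermeasure. The verifier side is unchanged, so a relying party that insists it is the user's only security domain needs no modification for this to work.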