On 16 Feb 2007 09:05:19 -0800, [EMAIL PROTECTED] (Rick Fochtman) wrote:

>That's true, Walt. But how do you prevent the user from burying his id,
>or an anagram of it, in the password without using an exit? We found
>that to be the most prevalent security-related issue when we had to
>grant access to non-DP oriented users, like the traders on the floor at
>the Chicago Board of Trade.
>
>(Forcing regular password changes was a whole other issue. <G>)

Let me see, this is February of 2007, my password must be B02razee07. Gets me past the password cops, I don't write my password down, and can do my work. Hey, it can be broken - but if I don't work, I don't get paid - security is someone else's problem.

Years ago I had a Vax class - my instructor was French, so she was able to use passwords that the English language password parser did not recognize as words.

But just as security isn't my job - developing a useable replacement for passwords apparently isn't the job of our local security staff - not without a budget and support to do something better.

And apparently nobody is solving the problem of world-wide security with people using the same password on a hundred web sites (meaning that they can be phished). The occasional article telling them this is dangerous does nothing - if they read it, they can't remember a hundred different secure passwords.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html