On Fri, 23 May 2014 23:19:10 -0300, Clark Morris wrote: >Since organizations have started requiring special characters in >passwords, I have been wondering which special characters are stable >across code pages. I know the US dollar sign in EBCDIC is not >becoming the pound sterling sign in Britain and the Japaneses Yen sign >in Japan. I'm thinking of the 8 it EBCDIC code pages and the 8 bit >Latin-1 ISO code pages. > I hate EBCDIC! USASCII code points are relatively stable, even outside the USA.
>Another thing that has always baffled is the idea that even if I have >a strong password that is NOT written down, I still should change it >once a month. If the site I am logging into enforces good management >by locking the account after say 5 attempts in 15 minutes thus >allowing no more that 16 attempts an hour or 140544 attempts a year, >how is not changing my password going to make that much of a >difference since at 1,404,544 attempts in 10 years that is still a >small fraction of the 656 billion possibilities with a 8 character >password assuming ONLY 30 characters in a character set? > Cultural differences. Open Systems administrators feel that locking accounts invites Denial of Service attacks; I need only try logging in to cfmpublic with 5 random passwords in quick succession and your account is locked. You must bother the administrators to reset it -- a PITA for them. IBM administrators feel that the user should be told that he has entered an invalid user ID before being prompted for a password. This reduces the search space from M x N to M + N, but if the user were not able to report that the system accepted a user ID but rejected the password this would be a PITA for them. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
