On Thu, Aug 18, 2011 at 1:25 PM, Hilderbrand, Doug <[email protected]> wrote:
> Why hasn’t anyone implemented fail words?

These are called "duress codes" and are commonly assigned for things like security alarms, locks (like your bank vault), etc. The key aspect of a duress code is that *it appears to succeed like the normal code would*. It notifies responders without alerting the point-of-use.

They're intended to protect the person under duress. If the duress code refused entry (or acted like a bad password, etc.), the attacker could harm the person under duress. If all the person under duress cares about is protecting the asset, they just refuse to enter any code and take the knife to the guts.

Looking for common words as a trap against untargeted attacks adds nothing; you should already be implementing lockout after a few failed attempts.

Stop listening to GRC. While he's not a complete idiot, he's often misinformed, and Can't! Talk! About! Anything! Like! It's! Not! The! Most! Amazing! Thing! Ever!, even if what he's just "discovered" or "invented" has been well-known for decades.

-- Ben
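
The behaviour described in the reply above, as an added example that is not part of the original message: a verifier whose duress code returns the same outward result as the normal code while recording a silent alert, with lockout after a few failed attempts. The class name, the threshold of 3, the sample codes and the in-memory alert list are assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_FAILURES = 3  # assumed lockout threshold; the post only says "a few"


def _derive(code: str, salt: bytes) -> bytes:
    # Salted, slow hash so the stored verifiers do not reveal the codes.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)


class DuressAwareLock:
    """Hypothetical verifier: the duress code opens like the normal code."""

    def __init__(self, normal_code: str, duress_code: str):
        self._salt = os.urandom(16)
        self._normal = _derive(normal_code, self._salt)
        self._duress = _derive(duress_code, self._salt)
        self._failures = 0
        self.silent_alerts = []  # stand-in for a channel to responders

    def attempt(self, code: str, user: str) -> str:
        """Return only what the point of use is allowed to see."""
        if self._failures >= MAX_FAILURES:
            return "LOCKED"
        candidate = _derive(code, self._salt)
        # Evaluate both comparisons every time so the normal and duress
        # paths do the same work before responding.
        is_normal = hmac.compare_digest(candidate, self._normal)
        is_duress = hmac.compare_digest(candidate, self._duress)
        if is_duress:
            self.silent_alerts.append(user)  # responders notified out of band
        if is_normal or is_duress:
            self._failures = 0
            return "GRANTED"  # identical response for both codes
        self._failures += 1
        return "DENIED"
```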
