I still think passwords have to die. There are better options. From: Hilderbrand, Doug [mailto:[email protected]] Sent: Friday, 19 August 2011 3:25 AM To: NT System Admin Issues Subject: Why not failwords?
I was just reading all those emails about making hard to crack passwords (Almost but not quite OT: Passwords). I like Steve Gibson’s analysis of why long passwords are harder to brute force crack than shorter complex ones. But, I wonder… Why hasn’t anyone implemented fail words? Two or more passwords associated with your account or whatever. One you use for normal access and is as hard to crack as you can make it and still be memorable. Then another password that would be easy(er) to crack that triggers some event? Here are a few scenarios I can think of off the top of my head: [] Bank manager forced to open the vault at gunpoint. Use the failword. Opens the vault and rings the silent alarm. [] Someone tries to login to your PayPal or bank account and tries your failword. They get the usual bad password result, but you get a text message on your cell phone. [] Someone tries to unlock your iPhone. They try the failword and it gets locked until you send it a special email or text or 24 hours expire, etc. Is there some reason this is a bad idea? I can’t think of any… Doug Hilderbrand | Systems Analyst, Information Technology | Crane Aerospace & Electronics ________________________________ Check out the new Crane Aerospace Electronics Newsroom<http://newsroom.craneae.com/>! Like us on Facebook<http://www.facebook.com/home.php?#!/pages/Crane-Aerospace-Electronics/163305413682908>! We value your opinion! <http://www.craneae.com/surveys/satisfaction.htm> How may we serve you better? Please click the survey link to tell us how we are doing: http://www.craneae.com/surveys/satisfaction.htm Your feedback is of the utmost importance to us. Thank you for your time. Crane Aerospace & Electronics Confidentiality Statement: The information contained in this email message may be privileged and is confidential information intended only for the use of the recipient, or any employee or agent responsible to deliver it to the intended recipient. Any unauthorized use, distribution or copying of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify the sender immediately and destroy the original message and all attachments from your electronic files. ________________________________ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
