On Thu, 14 Sep 2000, Schau, Brian wrote:
> Are you all telling me to compromise security just because people don't want
> to learn how to do Grafitti? What about making a password of
> letters/numbers you actually can remember to get right each time?
How is this compromising security?
First, you need to realize that the word "security" means absolutely
nothing, without further definition. It's a very esoteric word. Computer
security needs to be strictly defined within a given application, with
very specific rules.
What are the rules you are using in your app? I assume that because
there's a password, there's some kind of sensitive data. What's the goal
of using a password? To keep unauthorized parties out? How about
encryption? To the extreme, how about deleting all locked data if a wrong
password is entered?
Each of those gives you an increased level of "security", but some may not
be appropriate for your application. You need to first determine the
needs of your app.
As far as password masking goes, that's generally a requirement on
desktops, because they are often used in an environment where many people
can see the monitor, and they are easy to read from a distance. On a
handheld, however, you generally use them close to your own body, pretty
much blocking anyone behind you from seeing. They are also very difficult
to read from a distance (if screens improve, this may change though :).
One final thing to think about is that usually, adding more security
requirements makes an application harder to use. This a very important
thing to keep in mind, it's the reason virtually nobody uses encrypted
email. If something's too hard to use, regardless of if it's more secure,
people won't use it. This is why you need to evaluate the need for
password masking. Even experienced Palm users mess up graffiti every once
in a while.
--
Brian Mathis
Direct Edge
http://www.directedge.com
--
For information on using the Palm Developer Forums, or to unsubscribe, please see
http://www.palmos.com/dev/tech/support/forums/
