This is near and dear to my heart so I had to evangelize: http://www.baekdal.com/tips/password-security-usability
I disagree only slightly in that
- lookup tables for any password less than 12 characters are readily available
- devices can be tried several hundred times a second

The counter argument:
- If the attacker has physical access to the device or database in the first place, all bets are off

And, of course, the best password is the one that you can stick on the sticky note and no one will be any the wiser:

"Call John at 6:30"
"Meeting on Tuesday"
"mail dropoff before 5"

AJ ONeal

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
