" So the decision is not being made by informed end-users" Same here, better that the users aren't involved IMHO.
- William On Mon, Jul 1, 2013 at 9:25 AM, David Parter <[email protected]> wrote: > William J. Robbins <[email protected]> wrote: > > > For 99% of my passwords I use LastPass and the PW generator. It irks > > me no end to come across a site that doesn't accept complex passwords, > > or ones with stupid limitations of 12 or less characters. I had (past > > tense is key) a bank site that limited to 16 and didn't allow special > > characters. Discover actually requires a complex username...but I > > digress. > > I too hate sites like that. Usually, if I can, I use a competitor. I > also hate sites that won't accept "plussed" email addresses... > > > At the end of the day if someone knows enough to bother encrypting > > their system in the first place they know to use a decent > > passphrase... > > Encryption in mandated by our campus policies, and whole disk encryption > is being strongly encouraged by the security office. So the decision is > not being made by informed end-uses, it is being made by (at best) the > local sysadmins. Which doesn't mean the end user understands the > security implications at all. > > --david > >
_______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
