Harold Fuchs wrote:
1. How on earth do you keep track of all those humongous pass phrases?
I use a program called Roboform (http://www.roboform.com/). I choose the phrases for each site (or have it choose one for me), it does the remembering.
2. Why do you consider it necessary to use >32 [non-alphanumeric] characters to protect something as trivial as access to a public web forum? Bank accounts, yes; public web forums, ?????
Mostly it's a matter of trying to follow good habits. If a site feels that a password is important enough to require, I feel that it's my job to choose one that's not too easy to guess. So I have a simple rule: always include at least one space. That way I know that no dictionary-based attack can succeed. I can't always follow the rule, because some sites I really have to use impose restrictions such as the ones we've been discussing, but I do my best to follow the rule and to avoid sites (or standalone software) that refuse to let me.
My basic point is that users should be able to choose whatever passwords they like. I have some sympathy for sites that want to insist on a minimum level of security (e.g., no passwords of only one character or something like that), but no sympathy at all for sites that impose restrictions. If I want my password to be "OOo is a wonderful thing", there's no good reason why I shouldn't be able to.
Incidentally, Windows Live (formerly MS Passport), which people are encouraged to use for lots of different types of web sites (including e.g., banking sites) is even worse that the OOo site. Windows Live passwords can't include spaces or exceed 16 characters. Which sort of tells you everything you need to know about Microsoft's true feeling about security.
Scott --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
