Mike Walter <[EMAIL PROTECTED]> writes:
> IMHO a greater barrier to security than fixed-length passwords is
> the insistence by varying sites of their standards (must include a
> number, must not have more than 2 identical characters in a row,
> must not start with a digit, must have an uppercase letter, ... ad
> nauseam). Varying standards may make passwords more unique in
> differing systems, but it also makes it difficult for users to create
> the same password on multiple systems. So users write down the
> "unique" password somewhere, violating the whole point of secure
> passwords in the first place!!

shared-secret paradigm
http://www.garlic.com/~lynn/subpubkey.html#secret

is fundamentally flawed.

when i got my first online password in the 60s ... it was the only one
i had. over time, ever increasing security recommendations were
propagated for password characteristics ... which not only made them
very hard to guess ... but even harder to memorize. it was an
extremely, single infrastructure centric philosophy ... which was then
propagated to lots of other operations ... each continuing to operate
as if they were the only one.

now, it isn't uncommon for a person to have dealings with scores of
different institutions ... each of them operating as if they were the
only one in the world ... and each requiring extremely difficult to
guess passwords ... which also turn out to be impossible to memorize.

so what do you do when you are faced with having to memorize several
score things that (are all designed to be impossible to memorize and)
possibly change every month?

the proliferation of rules also culminated in the 4/1/84 corporate
memorandum previously mentioned
http://www.garlic.com/~lynn/2001d.html#51 OT Re: A beautiful morning in AFM.
http://www.garlic.com/~lynn/2001d.html#52 OT Re: A beautiful morning in AFM.

emphasizing the fact that there was exactly one 8 character string
that satisfied all the rules.

--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
