Granted...

1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #203,506 by Yendor 4/15/05 3:18:07 PM Reply	Granted... ...I'm not a bad guy. I'm not a security guy, either. But still, requiring "2 UC chars, 2 lc chars, and a byte of punctuation" reduces the number of possible permutations of passwords quite a bit. -YendorMike "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, 1759 Historical Review of Pennsylvania
Post #203,511 by Silverlock 4/15/05 4:01:40 PM Reply	Disagree You are assuming that I am limiting the possible characters in a password given my scheme above. I submit that without the requirement of characters beyond lowercase letters, users will almost universally use only lowercase letters. So, mathematically speaking you are correct. In the real world of messy humans I think my scheme will, practically speaking, expand the number of possible passwords. ----------------------------------------- "In this world of sin and sorrow there is always something to be thankful for. As for me, I rejoice that I am not a Republican." -- H. L. Mencken Support our troops, Impeach Bush. D. D. Richards
Post #203,513 by ben_tilly 4/15/05 4:39:52 PM Reply	But not enough to be even remotely useful I have come to believe that idealism without discipline is a quick road to disaster, while discipline without idealism is pointless. -- Aaron Ward (my brother)

Password policy letter - (Silverlock) - (29) - April 15, 2005, 09:46:33 AM EDT

Disagree about the expiration - (hnick) - (22) - April 15, 2005, 10:43:10 AM EDT

"feel free to adapt" - (Silverlock) - (21) - April 15, 2005, 11:50:01 AM EDT

Re: "feel free to adapt" - (Yendor) - (19) - April 15, 2005, 11:52:47 AM EDT

Are you sure about that? - (Silverlock) - (18) - April 15, 2005, 12:11:37 PM EDT

Let's say I'm a bad guy - (Yendor) - (17) - April 15, 2005, 12:32:00 PM EDT

On the other hand - (JayMehaffey) - April 15, 2005, 01:09:01 PM EDT

Account locked after 5 bad passwords - (Silverlock) - April 15, 2005, 01:42:53 PM EDT

You are an *incompetent* bad guy - (ben_tilly) - (3) - April 15, 2005, 02:10:27 PM EDT

Granted... - (Yendor) - (2) - April 15, 2005, 03:18:07 PM EDT

Disagree - (Silverlock) - April 15, 2005, 04:01:40 PM EDT

But not enough to be even remotely useful -NT - (ben_tilly) - April 15, 2005, 04:39:52 PM EDT

Re: Let's say I'm a bad guy - (dws) - (10) - April 21, 2005, 07:47:02 PM EDT

BINGO! - (hnick) - April 22, 2005, 07:44:21 AM EDT

Yep, during security audit at gov agency I worked at - (tuberculosis) - April 22, 2005, 09:37:09 AM EDT

What's the alternative? - (Silverlock) - (6) - April 22, 2005, 10:57:58 AM EDT

Yeabut requiring frequent changes makes it worse. - (Another Scott) - (2) - April 22, 2005, 11:12:12 AM EDT

As I said before - (Silverlock) - (1) - April 22, 2005, 11:44:09 AM EDT

Understood. :-) -NT - (Another Scott) - April 22, 2005, 11:45:27 AM EDT

single signon with a 90 day passwd expiration - (boxley) - (2) - April 22, 2005, 11:15:29 AM EDT

Single signon is a happy dream - (Silverlock) - (1) - April 22, 2005, 11:46:37 AM EDT

Problem with SSO - (jbrabeck) - April 22, 2005, 11:57:02 AM EDT

Pretty much everyone will write it down anyways - (admin) - April 22, 2005, 01:48:35 PM EDT

Make the expiration longer than that. - (ben_tilly) - April 15, 2005, 02:12:00 PM EDT

I, like it! Me being the password Nazi at work - (folkert) - April 15, 2005, 11:25:48 AM EDT

And here - (jbrabeck) - April 15, 2005, 12:38:08 PM EDT

Make 'em use Unicode. - (Another Scott) - (1) - April 15, 2005, 04:51:00 PM EDT

We've been looking at several alternatives - (Silverlock) - April 15, 2005, 04:54:25 PM EDT

Apart from the fact that passwords suck - (pwhysall) - April 15, 2005, 05:51:37 PM EDT

Bit of a late reply... - (static) - May 6, 2005, 12:44:47 AM EDT

My parents just came back from a planet where the dominant life form had no bilateral symmetry, and all I got was this stupid F-shirt.
62 ms