| Author | Message |
| 25 new of 224 responses total. |
cross
|
|
response 100 of 224:
|
May 17 21:15 UTC 2003 |
This response has been erased.
|
rcurl
|
|
response 101 of 224:
|
May 17 22:04 UTC 2003 |
CAEN (at UM) does not require that one change one's password. If asked,
they will recommend it, but the system does not create an automatic
recommender.
|
tod
|
|
response 102 of 224:
|
May 18 00:26 UTC 2003 |
This response has been erased.
|
jazz
|
|
response 103 of 224:
|
May 18 01:50 UTC 2003 |
I'd like to suggest that each new user type up a few pages of
completely random characters, and send them to GREX staff, which would then
use the first eight for the password, then erase them, and work with the next
eight upon the next login.
|
rcurl
|
|
response 104 of 224:
|
May 18 01:52 UTC 2003 |
What's a "completely random character"? Well, OK: here is my completely
random "5".
|
cross
|
|
response 105 of 224:
|
May 18 01:53 UTC 2003 |
This response has been erased.
|
jazz
|
|
response 106 of 224:
|
May 18 01:58 UTC 2003 |
Biometrics now!
|
cross
|
|
response 107 of 224:
|
May 18 02:07 UTC 2003 |
This response has been erased.
|
jep
|
|
response 108 of 224:
|
May 18 03:17 UTC 2003 |
Dan, nothing you've said has supported doing away with passwords
entirely, unless I've missed something. I think that's going too far.
|
cross
|
|
response 109 of 224:
|
May 18 03:57 UTC 2003 |
This response has been erased.
|
orinoco
|
|
response 110 of 224:
|
May 18 04:29 UTC 2003 |
Good. Plenty of ultimately futile things are worth doing, and authentication
is one of them. :)
|
pvn
|
|
response 111 of 224:
|
May 18 08:26 UTC 2003 |
Other than for the purpose of deleting users who are no longer around
the password expire thingy is probably a little silly. Back in the old
days when there was a password file that any user could read and see the
crypted password there was a big debate about this being a security
problem. Crack put the end to that and since then the actual crypted
password is not world readable - shadowed. Thus dictionary attacks are
not useful unless one has already cracked root and stolen the shadowed
password file. And if one already had root then why fuck around with
mere user passwords. The problem of sniffing plaintext transmission of
passwords still remains but that is easily addressed by using ssh/https
if you are really concerned about it. These days requirement of
frequent password changes and that they be non-dictionary words results
in less security as others noted prior in that the cleaning crew at the
office know everybody's passwords should they have the skillset to do
something with them. (If I steal your laptop chances are very good that
there is at least a file if not pieces of diskette label with passwords
in plaintext.) (Personally, I keep a PDA with a passworded application
that has otherwise crypted all my passwords but that is just me.) (I
used to use Uzbek swear words but that went away in the early '90s when
the first Uzbek dictionary was posted.)
|
cross
|
|
response 112 of 224:
|
May 18 13:15 UTC 2003 |
This response has been erased.
|
gull
|
|
response 113 of 224:
|
May 18 20:36 UTC 2003 |
I heard about one office that implemented passwords that expired once a
month, and prohibited repeating the same password twice in a row. They
found most of their users started setting their password to the name of
the current month.
|
jmsaul
|
|
response 114 of 224:
|
May 19 01:22 UTC 2003 |
No surprise. That's exactly what they should have expected with a policy like
that. That or alternating passwords. Users dislike having to reset passwords
often, and find ways to defeat the alleged benefits if they're forced to.
(And if you don't let them alternate passwords, they write them down on post-
it notes under their mouse pad or on the side of their monitor.)
|
gull
|
|
response 115 of 224:
|
May 19 02:22 UTC 2003 |
Yeah. Or they just never log out, which is even worse.
|
jmsaul
|
|
response 116 of 224:
|
May 19 03:37 UTC 2003 |
That's more controllable.
|
cross
|
|
response 117 of 224:
|
May 19 04:17 UTC 2003 |
This response has been erased.
|
tsty
|
|
response 118 of 224:
|
May 19 07:06 UTC 2003 |
"something more standard" is non-grexian, by definition ......
/
|
gull
|
|
response 119 of 224:
|
May 19 14:09 UTC 2003 |
But probably still a good idea. :)
|
tsty
|
|
response 120 of 224:
|
May 19 15:51 UTC 2003 |
not a problem except that i don't know 'how to do it' :
all too often i receive attachments at this address.
i use good ol' mail
what part of the content do i save and then 'translate' (and
by what means) so that i can d/l the attachment and use it?
usually these are ms word docs.
|
janc
|
|
response 121 of 224:
|
May 19 19:00 UTC 2003 |
Re #118: I think we should change that definition, in most cases.
|
jhudson
|
|
response 122 of 224:
|
May 19 20:02 UTC 2003 |
My passwords are proper nouns from a private fantasy world.
Despite the fact that I rotate only a few, nobody is going to
get a good handle on them.
|
cross
|
|
response 123 of 224:
|
May 19 20:36 UTC 2003 |
This response has been erased.
|
tsty
|
|
response 124 of 224:
|
May 20 11:28 UTC 2003 |
any thoughts on #120 . and the mail attachment problem?
please don't suggest pine though, i want to know the steps from
mail to a usable file.
|