On 02/18/2015 12:30 PM, Richard Pieri wrote:
> On 2/18/2015 11:20 AM, Bill Bogstad wrote:
>> And the same users are going to use "Four score ...." if you require
>> longer passwords,
>> so you lose anyway.
>
> I did preface that with "[p]assword reform starts with...".
>
> Key chain managers can be a good next step. They allow the use of
> arbitrary, random gibberish as passwords in a way that users only need
> to remember one good password for unlocking the key chain. In essence
> they can do the same thing that heavy duty encryption systems do: they
> generate large random keys for actual encryption and encrypt these
> keys with user-provided passwords or passphrases. This way you can
> have strong passwords without any password reuse. Link a key chain
> manager to a trustworthy third party and you can have a robust
> password management system that is resistant to attacks.
>

One issue I had with SecureID years ago was that it required you to log in within a certain amount of time. The number on the Secure Id was hard to read, and it would take me a couple of times before I was able to type in the number and the pin before the time out. But, I would agree that keychain managers are a viable solution.

-- 
Jerry Feldman <g...@blu.org>
Boston Linux and Unix
PGP key id:B7F14F2F
PGP Key fingerprint: D937 A424 4836 E052 2E1B 8DC6 24D7 000F B7F1 4F2F
_______________________________________________
Discuss mailing list
Discuss@blu.org
http://lists.blu.org/mailman/listinfo/discuss
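
The key-wrapping idea in the quoted text (a large random key does the actual encryption, and that key is itself encrypted under the one password the user remembers), as an added example that is not part of the original thread or of any particular key chain manager. The function names, blob layout, iteration count and passphrases are assumptions made for illustration, and the single-block HMAC pad is a standard-library stand-in for the AES key wrap or AEAD cipher a real manager would use.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # constructed work factor, an assumption for this example

def _subkeys(master_password, salt):
    # Stretch the one password the user remembers into a key-encryption key,
    # then split it into independent encryption and MAC keys.
    kek = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)
    return (hmac.new(kek, b"enc", hashlib.sha256).digest(),
            hmac.new(kek, b"mac", hashlib.sha256).digest())

def wrap(master_password, vault_key):
    """Encrypt the random 32-byte vault key under the master password."""
    if len(vault_key) != 32:
        raise ValueError("vault key must be 32 bytes")
    salt = secrets.token_bytes(16)  # fresh per wrap, so the pad is never reused
    enc, mac = _subkeys(master_password, salt)
    pad = hmac.new(enc, salt, hashlib.sha256).digest()
    body = bytes(a ^ b for a, b in zip(vault_key, pad))
    tag = hmac.new(mac, salt + body, hashlib.sha256).digest()
    return salt + body + tag  # 16 + 32 + 32 bytes

def unwrap(master_password, blob):
    """Recover the vault key; a wrong password fails the tag check."""
    salt, body, tag = blob[:16], blob[16:48], blob[48:]
    enc, mac = _subkeys(master_password, salt)
    expected = hmac.new(mac, salt + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong master password or corrupted key chain")
    pad = hmac.new(enc, salt, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(body, pad))

def change_master_password(old, new, blob):
    # Only the small wrapped key is re-encrypted; stored entries are untouched.
    return wrap(new, unwrap(old, blob))

if __name__ == "__main__":
    vault_key = secrets.token_bytes(32)        # the "large random key"
    site_password = secrets.token_urlsafe(24)  # random gibberish, one per site
    blob = wrap("one good passphrase", vault_key)  # constructed passphrase
    assert unwrap("one good passphrase", blob) == vault_key
    blob = change_master_password("one good passphrase", "a newer one", blob)
    assert unwrap("a newer one", blob) == vault_key
    print("vault key recovered;", len(site_password), "char site password generated")
```

The strength of the whole key chain still rests on the master password and the work factor, since the wrapped blob can be attacked offline if it leaks.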