Hi,

I would definitely consider enforcing pass phrases. At Coding
Horror <http://www.codinghorror.com/blog/archives/000342.html> you can
find a lot of information regarding passwords and security, both from
a technical standpoint (never store the password, just the salted hash) and
from the user's standpoint. I now use phrases everywhere and it's both easy
to remember and easy to modify for each site.

My biggest problem now is that many sites prevent longer phrases and
stop at 10-15 characters, and don't allow spaces.

A "secure" policy like 8 letters, special characters, with the addition of
forcing the user to change every 30/60/90 days, always leads to the simplest
possible password like "Computer001!", "Computer002!", etc. It follows the
rules but is extremely easy to brute force hack.

I think that graphical security is harder to handle at the moment because
people are not as used to working with it, but it might change over time.

Regards
---
Håkan Reis
Dotway AB
+46(768)510033

My blog || http://blog.reis.se
My company || http://dotway.se
Our conference || http://oredev.org - See you in 2008


On Sat, Sep 20, 2008 at 00:14, Calvin <[EMAIL PROTECTED]> wrote:

> Not sure if I am totally off-topic, but speaking of passwords, I have
> got a couple of pretty cool and secure ideas about authentication which
> I heard from a podcast called "Security Now".
>
> The "Perfect Paper Password" (http://www.grc.com/securitynow.htm
> episodes #115 and #117) is an open-source program that can generate a
> bunch of one-time-only PINs that are meant to be printed on paper
> and kept in your wallet.
>
> The YubiKey (http://www.grc.com/securitynow.htm Episode #143) is a tiny
> USB dongle that has only one button on it that generates a one-time
> PIN when pressed. The authentication engine is totally open-source
> and free.
>
>
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> Posted from the new ixda.org
> http://www.ixda.org/discuss?post=33174
>
>
> ________________________________________________________________
> Welcome to the Interaction Design Association (IxDA)!
> To post to this list ....... [EMAIL PROTECTED]
> Unsubscribe ................ http://www.ixda.org/unsubscribe
> List Guidelines ............ http://www.ixda.org/guidelines
> List Help .................. http://www.ixda.org/help
>
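An added example, not part of either message above: one way a password-change handler could combine the three points from the reply (store only a salted hash, accept long phrases with spaces, reject "Computer001!" to "Computer002!" style rotations). All function names, the length limits and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

MIN_LEN, MAX_LEN = 12, 128      # assumed limits; spaces and long phrases are allowed
PBKDF2_ITERATIONS = 600_000     # assumed work factor

def hash_password(password, salt=None):
    """Return (salt, digest). Only these two values are stored, never the password."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return salt, digest

def verify_password(password, salt, digest):
    """Recompute the salted hash and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def _stem(password):
    """Lower-case and drop trailing digits/punctuation: 'Computer002!' -> 'computer'."""
    return re.sub(r"[\W\d_]+$", "", password.lower())

def check_new_password(current, new):
    """Return a list of policy problems; an empty list means the new password is accepted.

    The change form supplies both the current and the new password, so the
    comparison needs no stored plaintext.
    """
    problems = []
    if not MIN_LEN <= len(new) <= MAX_LEN:
        problems.append("length")
    if _stem(new) == _stem(current):
        problems.append("same stem as current password")
    return problems

if __name__ == "__main__":
    # Constructed sample inputs.
    print(check_new_password("Computer001!", "Computer002!"))
    print(check_new_password("Computer001!", "correct horse battery staple"))
```
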