A valid and good point. However I suspect that they will just point out that their policy clearly states that passwords should not be written down, and shift the blame to the user.
-----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] Behalf Of Shmuel Metz (Seymour J.) Sent: 06 October 2005 14:37 To: IBM-MAIN@BAMA.UA.EDU Subject: Re: PCI audit compliance Have you discussed with them the risk that the users will write down their passwords if they are too difficult to remember? Perhaps the solution is to use authentication techniques that are more robust than passwords. This e-mail message is for the sole use of the intended recipient(s)and may contain confidential and privileged information of Transaction NetworkServices. Any unauthorized review, use, disclosure or distribution isprohibited. If you are not the intended recipient, please contact thesender by reply e-mail and destroy all copies of the original message. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html