On 15 Dec 2009 09:49:53 -0800, kees.vern...@klm.com (Vernooij, CP - SPLXM) wrote:
>Finally your local need can be easily beaten down: it will probably come >from the same users that start complaining when they have to invent a >password longer than 6 characters. By the time they are fully willing to >generate 44 character passwords and use them without complaining, I >would say then we can consider taking their business case seriously. Who >really has the need to create Let's expand on that. For security, all users should have a different, unique, random 44 character password for each application and web page they visit - provided they remember their User name. Don't let them write the password down. Don't let them use software to "cheat". And when they fail, it's their fault, not ours. Or maybe we need to revisit the business case analysis, remembering that people are people. Not just for user passwords, but for technical users as well. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
