OK, this is topic drift, but: are you saying that having stringent password
requirements is a failure? Because I sure think it is -- it just encourages
folks to use patterns or otherwise weak passwords and/or to write them down
anyway.

I use a site that requires 8-byte passwords, changed every n days, with no
more than 3 characters from the previous password in a row and at least one
digit, which can't be leading or trailing. Surprise, we use ABCnnDEF,
where the nn is what changes. Fortunately this isn't an important site, so
I'm not worried about someone getting at it, but it's an example where the
stupid restrictions fail.

On Tue, Jul 13, 2010 at 1:20 PM, Howard Brazee <howard.bra...@cusys.edu> wrote:

> On 13 Jul 2010 08:11:48 -0700, ken.porow...@cit.com (Ken Porowski)
> wrote:
>
> >Now, I'll sit back and enjoy the debate on the question if an 'operator
> >error' counts as a 'glitch'.
> >
> >For the opening shot in this, I'd argue: yes. While no system can ever be
> >totally idiot proof, human intervention can be counted on as a failure mode.
> >Besides, it should have taken more than one idiot to do the job. :-)
>
> Humans are an important part of any system.   The more critical the
> system, the more important it is to include accounting for human
> frailties as part of the design.
>
> One example of such failure is "fixing" the password problem by
> requiring that users have unique, hard to memorize passwords - in a
> world where it's not uncommon to have hundreds of passwords.   Then
> require that they change the passwords frequently and never write them
> down.
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html
>



-- 
zMan -- "I've got a mainframe and I'm not afraid to use it"
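
An added illustration of the password rules described in the message above (not part of the original post, and not the site's actual checker): it encodes the stated rules and measures how little successive ABCnnDEF passwords differ. Assumptions: "8-byte" means exactly 8 characters, "3 characters from the previous password in a row" means the longest shared substring, and the sample passwords are constructed.

```python
def longest_common_run(a, b):
    """Length of the longest substring that a and b share."""
    best, prev = 0, [0] * (len(b) + 1)
    for ca in a:
        cur = [0] * (len(b) + 1)
        for j, cb in enumerate(b, 1):
            if ca == cb:
                cur[j] = prev[j - 1] + 1
                best = max(best, cur[j])
        prev = cur
    return best


def policy_accepts(new, old):
    """Rules as stated in the post; the exact reading is an assumption."""
    return (
        len(new) == 8                           # "8-byte passwords"
        and any(c.isdigit() for c in new)       # at least one digit
        and not new[0].isdigit()                # digit can't be leading
        and not new[-1].isdigit()               # digit can't be trailing
        and longest_common_run(new, old) <= 3   # max 3 in a row from previous
    )


def edit_distance(a, b):
    """Levenshtein distance, one row at a time."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]


def rotation_report(passwords):
    """For each consecutive pair: (accepted by the policy, edit distance)."""
    return [(policy_accepts(new, old), edit_distance(old, new))
            for old, new in zip(passwords, passwords[1:])]


# Constructed sample following the ABCnnDEF pattern from the post.
SAMPLE = ["ABC12DEF", "ABC34DEF", "ABC56DEF"]

if __name__ == "__main__":
    for (ok, dist), new in zip(rotation_report(SAMPLE), SAMPLE[1:]):
        print(f"{new}: accepted={ok} edit_distance_from_previous={dist}")
```

Every rotation in the sample satisfies the rules while differing from its predecessor by only two characters, which is the gap between rule compliance and actual password change that the post describes.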
