-----Original Message----- From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Howard Brazee Sent: Friday, February 16, 2007 11:32 AM To: IBM-MAIN@BAMA.UA.EDU Subject: Re: Mixed Case Password on z/OS 1.7 and ACF 2 Version 8
<SNIP> But just as security isn't my job - developing a useable replacement for passwords apparently isn't the job of our local security staff - not without a budget and support to do something better. And apparently nobody is solving the problem of world-wide security with people using the same password on a hundred web sites (meaning that they can be phished). The occasional article telling them this is dangerous does nothing - if they read it, they can't remember a hundred different secure passwords. <SNIP> Kind of what I was driving at when I said something about all the accounts that I have to have a user id and password for. Banks, clubs, employers (and how many systems have their own password/userid and associated rules?), etc. We are becoming unsecure by trying to be so secure. Not everyone has photographic memory so that they can remember all their userid/password combinations (where they can write it down, look at it, then destroy the paper). This is why PDAs are becoming dangerous as are laptops with their "wallets" and the like where people keep their userids and passwords in their browsers. I do not have the answer(s), I just started thinking about the simple solutions that people will use, but allow risk of compromise being increased. Later, Steve Thompson ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html