-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of McKown, John
Sent: Friday, February 16, 2007 1:01 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: Mixed Case Password on z/OS 1.7 and ACF 2 Version 8

> -----Original Message-----
> From: IBM Mainframe Discussion List 
> [mailto:[EMAIL PROTECTED] On Behalf Of Thompson, Steve
> Sent: Friday, February 16, 2007 12:48 PM
> To: IBM-MAIN@BAMA.UA.EDU
> Subject: Re: Mixed Case Password on z/OS 1.7 and ACF 2 Version 8

<snip>

> 
> We are becoming unsecure by trying to be so secure. Not everyone has
> photographic memory so that they can remember all their userid/password
> combinations (where they can write it down, look at it, then destroy the
> paper).
> 
> This is why PDAs are becoming dangerous as are laptops with their
> "wallets" and the like where people keep their userids and passwords in
> their browsers.
> 
> I do not have the answer(s), I just started thinking about the simple
> solutions that people will use, but allow risk of compromise being
> increased.
> 
> Later,
> Steve Thompson

One thing that can be done with the Konqueror web browser and KDE on
Linux is to use "KDE Wallet". This is an encrypted file which contains
various userids and passwords. Konqueror (and other software) can
interface with the "KDE Wallet". The program asks for the wallet's
password and passes it to the interface along with the resource whose
password is needed. The wallet then gives the appropriate password back
to the application. This may have been what you were talking about with
"wallets", but I'm not sure.

<SNIP>

You mean, should your computer (laptop) be stolen, one could then boot
using a LIVE Linux CD, and crack the wallet contents... Come to think of
it, with a LIVE Linux CD, one can crack NTFS files used by Windows....

This is why in our pursuit of security, we make ourselves unsecure
because of all the accounts we have that we have to have a userid and
password for. And if kept in that wallet, once it is hacked, what damage
could be done?

Think about this for a moment. How many web sites require you to
register before you can look at their content? This adds to the issue.

How many use the same throw-away userid across as many junk
sites/accounts as possible, but keep the same password as they use for
their banking ids? While I may have said this backwards, I think you can
see the point.

Again, I do not have a solution because the things that I would have
pointed out or pointed to have already been shown to not be so secure
after all by others on IBM-Main.

Regards,
Steve Thompson

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
