On Tue, Nov 24, 2009 at 2:31 PM, AJ ONeal <[email protected]> wrote:
> Since the passphrase for my e-mail is something along the lines of "My
> favorite animal is the number purple" and it's transmitted over HTTPS. The
> only way one would ever get it is either by looking directly at me as I type
> it in.
>
> I consider it to be rather secure.

It turns out that all I actually have to do is to listen to you type it, and I can reduce the entropy significantly, usually enough to guess it in a reasonable number of tries...

> In this particular case, I would rather log into my bank with OpenID than
> with their system, seeing that their system is quite a bit less secure (only
> allowing 8 characters).

But good point here.... my bank only allows 8 characters too *shudder*

James

--
"And very early in the morning the first day of the week, they came unto the sepulchre at the rising of the sun..." (Mark 16:2)
Web: http://james.jlcarroll.net
--------------------
BYU Unix Users Group
http://uug.byu.edu/

The opinions expressed in this message are the responsibility of their author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list
