On Sun, Apr 17, 2011 at 6:47 PM, Robert LeBlanc <[email protected]> wrote:
> I hate passwords/passphrases. Actually, I hate programmers who are idiots
> that program password/phrase requirements. I really hate when I can't use my
> strong password on a banking website (where you should have a strong password)
> because they don't like punctuation marks (<whiny voice> Only numbers and
> letters please! </whiny voice>). I am so hoping for the day when single
> sign-on really goes somewhere, where I can trust one identity provider and
> know that only they ever have my password (better yet a certificate or key).

I have thought it ridiculous that banks force such weak passwords on me but now I wonder, given the discussion and the reading, if it might not be by design. You can only enter in the wrong password four or five times before you get locked out of your account, so brute force is definitely not going to gain anyone access to your account. By keeping the passwords brief and alphanumeric they make them much easier to remember and much less likely to be written down and taken in a theft.

Is that giving them too much credit? Anyway, they should totally adopt that as their explanation for why the passwords seem to be so insecure but in actual fact aren't.

Joshua.
--------------------
BYU Unix Users Group
http://uug.byu.edu/

The opinions expressed in this message are the responsibility of their
author. They are not endorsed by BYU, the BYU CS Department or BYU-UUG.
___________________________________________________________________
List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list
