|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Consumer Security Web Site
nom.de.guerre
bonbon.net
Date: Tue Jun 29 2004 - 14:34:26 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In-Reply-To: <20040628212518.JPST9422.mta06-svc.ntlworld.commail.leafgrove.com>
Agreed.
We recently evaluated a product which had a password retrieval scheme where the 'secret answer' was your pet's name, but it had to be 8 charecters or more. An associate and I looked at each other and mouthed "Complex Pet Names" simultaneously.
If the data is so sensitive that an approriate password cannot be memorized,IMO, you should start adding authentication factors...tokens, call back mechanisms, or other restrictions.
>There are lots of myths out there on what qualifies as a good password and
>while all us techies would love our users to pick something really complex
>(read "nasty") the fact remains that they would rather pick the name of
>their dog or football team. So, a few tips on choosing something easy to
>remember and hard to crack, and obfuscating their dogs name might be nice :)
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]