Re: Big Sites That Don't Allow Complex Passwords !?!

Author	All Replies
Daniel Premium,MVM join:2000-06-26 Pleasanton, CA clubs: 2 edits	reply to nwrickert Re: Big Sites That Don't Allow Complex Passwords !?! said by nwrickert : It's a problem because humans are better at remembering shorter passwords, ... The idea of remembering passwords went out the window once web sites started wanting passwords. It is unmanageable. Your argument is invalid simply because over 95% of users still do manage their own passwords. That's a guess, but it's actually probably closer to 99%. We have to solve the problems we have, not the problems we should have or wish we had. -- dmiessler.com -- grep understanding knowledge
	to forum · permalink · · 2007-03-17 18:08:14 ·
nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL ·AT&T U-Verse ·AT&T Midwest	Your argument is invalid simply because over 95% of users still do manage their own passwords. I manage my own passwords. Storing them in a file, and encrypting that file is part of how I manage them. I just checked. I have 55 entries in that file, and I shun most web sites that require passwords. Nobody can remember that many. If they actually are trying to remember 55 passwords, then they are probably using very weak passwords and re-using the same password for many sites. And if they are doing that, they have a more serious problem than the one you suggested in your OP. -- AT&T dsl; Westell 2200 modem/router; SuSE 10.1; firefox 1.5.0.10
	to forum · permalink · · 2007-03-17 18:17:54 ·
Daniel Premium,MVM join:2000-06-26 Pleasanton, CA clubs:	said by nwrickert : Your argument is invalid simply because over 95% of users still do manage their own passwords. If they actually are trying to remember 55 passwords, then they are probably using very weak passwords and re-using the same password for many sites. And if they are doing that, they have a more serious problem than the one you suggested in your OP. Well, that is the reality we're facing. The question is, how do we mitigate some of this risk? It's a lot harder to get users to change their habits than it is to get a single site that handles millions of accounts to change theirs. I agree it's not a real solution, but nothing in security ever is. It's about reducing risk, and if we can add ANY significant amount of complexity to the incredibly weak passwords that most people use, we'll have accomplished something. Hence my OP. -- dmiessler.com -- grep understanding knowledge
	to forum · permalink · · 2007-03-17 18:24:44 ·


Thursday, 03-Dec 01:12:08	Terms of Use \| Privacy Policy \| Hosting by www.nac.net - DSL,Hosting & Co-lo \| feedback \| contact over 10 years online! © 1999-2009 dslreports.com.republican-creole page compression OFF