Re: Some security-related suggestions

Steve Dorner <sdorner@qualcomm.com> Fri, 10 June 1994 15:48 UTC

Received: from ietf.nri.reston.va.us by IETF.CNRI.Reston.VA.US id aa04756; 10 Jun 94 11:48 EDT
Received: from CNRI.RESTON.VA.US by IETF.CNRI.Reston.VA.US id aa04751; 10 Jun 94 11:48 EDT
Received: from ANDREW.CMU.EDU by CNRI.Reston.VA.US id aa12759; 10 Jun 94 11:48 EDT
Received: (from postman@localhost) by andrew.cmu.edu (8.6.7/8.6.6) id LAA06165; Fri, 10 Jun 1994 11:44:33 -0400
Received: via switchmail for ietf-pop3+@andrew.cmu.edu; Fri, 10 Jun 1994 11:44:32 -0400 (EDT)
Received: from po2.andrew.cmu.edu via qmail ID </afs/andrew.cmu.edu/service/mailqs/q001/QF.Ehy8cpi00UdaEdCk55>; Fri, 10 Jun 1994 11:43:50 -0400 (EDT)
Received: from ux1.cso.uiuc.edu (ux1.cso.uiuc.edu [128.174.5.59]) by po2.andrew.cmu.edu (8.6.7/8.6.6) with SMTP id LAA10543 for <ietf-pop3+@andrew.cmu.edu>; Fri, 10 Jun 1994 11:43:32 -0400
Received: from dorner.slip.uiuc.edu by ux1.cso.uiuc.edu with SMTP id AA00884 (5.67b8/IDA-1.5 for <ietf-pop3+@andrew.cmu.edu>); Fri, 10 Jun 1994 10:43:02 -0500
Received: from [192.17.5.10] by dorner.slip.uiuc.edu with SMTP id AA02958 (5.67b/IDA-1.5 for <ietf-pop3+@andrew.cmu.edu>); Fri, 10 Jun 1994 10:43:05 -0500
X-Sender: sdorner@192.17.5.1
Message-Id: <aa1e3987050210169edd@[192.17.5.10]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Fri, 10 Jun 1994 10:49:40 -0500
To: POP3 IETF Mailing List <ietf-pop3+@andrew.cmu.edu>
Sender: ietf-archive-request@IETF.CNRI.Reston.VA.US
From: Steve Dorner <sdorner@qualcomm.com>
Subject: Re: Some security-related suggestions

>Well the reason for this is that users generally pick easily guessable
>passwords, so if you pick an obscure user name for them, you have
>increased the security of their account.

And you've also made 90% of them write their login on a postit and stick it
to their screen, or write it into a macro on their hard drive, and so you
probably have not increased the total security of their account; you've
just increased it for one form of attack, and decreased it for another.

Code words (be they logins or passwords or whatever) have to be hard to
guess but easy to remember, which means that machine-generated junk (like
"2Yhd%0_") shoved down users' throats is not a great way to increase
security.

This is way off topic, so I'll shut up now.

--
Steve Dorner, Qualcomm Incorporated
 "There's nothing wrong with you that can't be cured
  with a little Prozac and a polo mallet." - Woody Allen