Passwords: does size matter, what characters?

Ted Roche tedroche at tedroche.com
Fri Mar 10 17:09:01 EST 2006


> 1. Many sites offer an 'enter the answer to your secret question'  
> fallback for people who have forgotten their password.  This throws  
> out any strength your password may have had as an attacker is going  
> to go straight to "what's my dog's name" - Jake, Buddy, in.  Most  
> other sites have a 'mail me my password' option.  It's either that  
> or pay a human for tech support.  Security vs. convenience.

i.e., What is Paris Hilton's dog named?

We're actually implementing that, too, but even worse, the client  
wants to let the user enter their own question. You can just imagine  
the entries! "What is the airspeed of a laden swallow?" "What is my  
login id?"  "What is one plus one?"

Luckily, we're not keeping valuable info on the system...



