Blaming the Victims

The purveyors of security love to blame password issues on the general
public, but this is unrealistic. An average person simply cannot
remember more than a few passwords without the aid of "insecure"cheat
sheets" and those they can remember will have probably some
weaknesses. The computer industry should stop blaming the victims and
instead speed up development of alternate ways of "verifying user
identities".

socrtwo

From: "socrtwo" <>

| The purveyors of security love to blame password issues on the general
| public, but this is unrealistic. An average person simply cannot
| remember more than a few passwords without the aid of "insecure"cheat
| sheets" and those they can remember will have probably some
| weaknesses. The computer industry should stop blaming the victims and
| instead speed up development of alternate ways of "verifying user
| identities".

That's what I've been saying about having many passwords and complex ones like requiring
14 digits, 2 upper, 2 lower , 2 number and 2 special.

There come a point when increasing the complexity does not improve security, indeed, it
decreases it. Security is decreased when the passworrds are too complex and the user has
to write them down.

I hate arm chair quaterbacks that make the rules but do NOT see what's really going on.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp

David H. Lipman

David H. Lipman wrote:
> From: "socrtwo" <>
>
> | The purveyors of security love to blame password issues on the general
> | public, but this is unrealistic. An average person simply cannot
> | remember more than a few passwords without the aid of "insecure"cheat
> | sheets" and those they can remember will have probably some
> | weaknesses. The computer industry should stop blaming the victims and
> | instead speed up development of alternate ways of "verifying user
> | identities".
>
> That's what I've been saying about having many passwords and complex ones like requiring
> 14 digits, 2 upper, 2 lower , 2 number and 2 special.
>
> There come a point when increasing the complexity does not improve security, indeed, it
> decreases it. Security is decreased when the passworrds are too complex and the user has
> to write them down.
>
> I hate arm chair quaterbacks that make the rules but do NOT see what's really going on.
>
>
I use one password concatenated with the URL of the site I am connecting
to (or the host name) run though a hash function. It is unique to each
site/computer has numbers, symbols, upper and lower case letters is
impossible to remember and I never have to write it down.

Noah Davids

In article <e1c6e678-0983-4f21-8685-
>, says...
>
> The purveyors of security love to blame password issues on the general
> public, but this is unrealistic. An average person simply cannot
> remember more than a few passwords without the aid of "insecure"cheat
> sheets" and those they can remember will have probably some
> weaknesses. The computer industry should stop blaming the victims and
> instead speed up development of alternate ways of "verifying user
> identities".

You are completely incorrect.

In the old days I would buy lunch for anyone in the shop who's password
I could not break in a couple hours - since I ran the department it was
perfectly in compliance with our policy to test password strength.

I only had to purchase lunch a couple times a year and we changed
passwords every 30 days - only had to reset a password once in several
years.

Most people take the easy way out - they create weak passwords because
they don't really CARE, and that's what gets them into trouble, lack of
caring.


--
You can't trust your best friends, your five senses, only the little
voice inside you that most civilians don't even hear -- Listen to that.
Trust yourself.
(remove 999 for proper email address)

Leythos