|
| "Howard Brazee" <howard@brazee.net> wrote in message
news:d1evfn$ofh$1@peabody.colorado.edu...
>
> On 18-Mar-2005, "jce" <defaultuser@hotmail.com> wrote:
>
>
> The problem with passwords is a serious problem. We can't use passwords
> that
> are easy to remember, and we can't write them down and post them next to
> our
> computer. What happens is often people go to a site that wants a
> password, and
> they try a dozen variations of their user-id until they get one that
> hasn't been
> used at that site before, log on, get a password, forget it, and repeat
> next
> time they need to go there. Or if they can, they use the same password
> everywhere. (I wonder how many sites have been created that are designed
> to
> harvest such passwords).
>
> In the industry, we are being pulled in many directions. Privacy and
> security
> are important (although the Department of Homeland Security might have
> other
> goals here). But making people remember dozens of different random
> mixed-case with special character passwords doesn't work.
>
> I took a course from someone using Vax's. The Vax checked to make sure
> we
> didn't use English words in our passwords. She didn't mind, she was
> French.
Employee Executive Policy:
Please use a cryptic password. Must contain 8 non consecutive alpha-numeric
characters - recent Italian legislation. It must contain at least 2 non
alpha characters. It cannot contain part of your name, date of birth, or
more than three characters from your prior password. A numeric character
cannot begin or end the password, and it IS case sensitive so you must used
mixed case. It must be changed every 90 days and is not synchronized with
any of your other passwords.
[password entered]
If you forget your password we can give you access to it if you can pass the
security question. Please choose one and provide the answer.
What was your mother's maiden name
Where do your parents live
Also, please be aware that we don't mind you using regular FTP with that
password.
Please ensure you do not write your password down anywhere even in a gun
safe as this is a security violation.
This is only a _SLIGHT_ exagerration of where I work......the security
question is a real solution to what I would _consider_ a customer
confidential site.
I say stamp as all with an id chip and have us chip in to web sites ;-)
JCE
|
|