On 29 Jun 2007, at 8:24 am, Norman Palardy wrote:
> But, the case I mentioned the users had no control of passwords.
> The system assigned them and refreshed them at periods that varied
> from 30 - 60 days and your old password only worked 2 more times then
> the new one had to be used.
> Quite draconian.
> But it prevented people from doing something I saw a lot of people do
> on Vax systems where passwords were set to expire.
> They'd simply use a base password and add a digit to the end (i.e.
> password1) and next month when it expired increment the digit so
> password1 became password2.
Interestingly, in a VAX system I used to use it only measured the
first 8 characters of your password, having established, when you
changed your password, that it really had changed. So people used to
use the same 8 character password and just add numbers to the end
(which they never used when logging in) whenever it asked them to
change.
> Since a lot of systems would only refuse to let you reuse a password
> in 12 months you never had to have more than a few of them with
> digits at the end.
>
> Users can overcome any system you put in place to increase security :)
Thanks to all for the replies. It looks as though I am going to have
to implement my own solution. To explain why I wanted this, for one
of my applications people have to run a setup wizard that asks them
for a password. I wanted to offer a "suggest" button that would
create a reasonably secure and reasonably memorable password just as
a suggestion for them, so they could take that or create their own.
Having thought about it a bit more it isn't after all too difficult.
I hope.
Thanks again,
Ian.
--
Ian Piper
ianpiper at mac dot com
skype: ianmpiper
--
If I'd asked people what they wanted, they would have said faster
horses (Henry Ford)
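
The two workarounds described in this message (bumping a trailing digit, and changing only characters past the first 8 that the system compares) can both be caught at password-change time. The Python check below is an added example, not code from the thread; the function names are hypothetical, and it assumes the change form collects the current password together with the new one so both are available for comparison.

```python
import re

# The VAX system described above compared only the first 8 characters.
SIGNIFICANT_CHARS = 8


def split_trailing_digits(password):
    """Split 'summer12' into ('summer', '12'); the counter may be empty."""
    match = re.fullmatch(r"(.*?)(\d*)", password, flags=re.DOTALL)
    return match.group(1), match.group(2)


def rotation_problem(old, new, significant=SIGNIFICANT_CHARS):
    """Return the reason `new` is not a real change from `old`, or None.

    Assumption: both values are in hand because the user typed the
    current password into the same change form.
    """
    if new == old:
        return "unchanged"

    # Truncation case: characters past the significant prefix are never
    # checked at login, so a change confined to the tail changes nothing.
    if new[:significant] == old[:significant]:
        return "same significant prefix"

    # Counter case: same base word, only the trailing digits differ
    # (summer1 -> summer2, or summer -> summer1). Case is ignored so
    # Summer1 -> summer2 is treated the same way.
    old_base, old_counter = split_trailing_digits(old)
    new_base, new_counter = split_trailing_digits(new)
    same_base = old_base and old_base.casefold() == new_base.casefold()
    if same_base and (old_counter or new_counter):
        return "counter suffix only"

    return None


if __name__ == "__main__":
    # Constructed sample pairs, not taken from any real system.
    samples = [
        ("summer1", "summer2"),
        ("correcth", "correcthorse42"),
        ("Tr1cycle-blue", "Harbor-kettle-9"),
    ]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {rotation_problem(old, new) or 'ok'}")
```
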