[thelist] changing password design
Marek Kilimajer
kilimajer at webglobe.sk
Fri Sep 12 05:53:08 CDT 2003
OK, then keep your passwords in your wallet as Simon suggests, but you
should not be afraid to tell your co-worker your pet's name so that he
is not going to use it to change your password.
Tony Crockford wrote:
> On Fri, 12 Sep 2003 11:51:37 +0200, Marek Kilimajer
> <kilimajer at webglobe.sk> wrote:
>
>> Tony Crockford wrote:
>>
>>> usual approach to this is to store another secret (or two) such as
>>> pet's name, mothers maiden name etc which they are required to enter
>>> to get a new password; even a user generated question and answer pair
>>> if needed - what's my favorite food - brussel sprouts
>>
>>
>> It is the same as using these kind of information for password. So you
>> can tell the users to use it for password right away. Not very secure.
>>
>
> What is secure?
>
> The harder you make it for me to remember my login the more likely I am
> to write it down.
>
> e.g. my bank now requires me to log-in using all of these:
>
> account number
> memorable information (1 of 3 phrases)
> three random digits from my pass number
>
> I'm going to have to write it down to see which are the random numbers!
>
> All I meant was that if you had a second test for identity before
> allowing a password change it has to be better than not having a second
> test?
>
>
>
>
>
More information about the thelist
mailing list