[thelist] changing password design

Marek Kilimajer kilimajer at webglobe.sk
Fri Sep 12 05:53:08 CDT 2003


OK, then keep your passwords in your wallet as Simon suggests, but you 
should not be afraid to tell your co-worker your pet's name so that he 
is not going to use it to change your password.

Tony Crockford wrote:

> On Fri, 12 Sep 2003 11:51:37 +0200, Marek Kilimajer 
> <kilimajer at webglobe.sk> wrote:
> 
>> Tony Crockford wrote:
>>
>>> usual approach to this is to store another secret (or two) such as 
>>> pet's name, mother's maiden name etc which they are required to enter 
>>> to get a new password; even a user generated question and answer pair 
>>> if needed - what's my favorite food - Brussels sprouts
>>
>>
>> It is the same as using this kind of information for a password. So you 
>> can tell the users to use it for a password right away. Not very secure.
>>
> 
> What is secure?
> 
> The harder you make it for me to remember my login the more likely I am 
> to write it down.
> 
> e.g. my bank now requires me to log in using all of these:
> 
> account number
> memorable information (1 of 3 phrases)
> three random digits from my pass number
> 
> I'm going to have to write it down to see which are the random numbers!
> 
> All I meant was that if you had a second test for identity before 
> allowing a password change it has to be better than not having a second 
> test?