[olug] The Usability of Passwords
Aric Aasgaard
aric at omahax.com
Wed Mar 30 20:28:58 UTC 2011
I am a fan of the 5 second pause between password tries.
-----Original Message-----
From: olug-bounces at olug.org [mailto:olug-bounces at olug.org] On Behalf Of Dave Rowe
Sent: Wednesday, March 30, 2011 3:20 PM
To: Kevin D. Snodgrass; Omaha Linux User Group
Subject: Re: [olug] The Usability of Passwords
On Wed, Mar 30, 2011 at 3:02 PM, Kevin D. Snodgrass <kdsnodgrass at yahoo.com> wrote:
> --- On Wed, 3/30/11, Dave Rowe <dave at roweware.com> wrote:
> > Oh man, and you and I would not get along :/
>
> Better hope I'm never in charge of any system you need to log into then.
> :-)
>
> > Why not, instead, institute a policy that after 3 - 5 failed logins
> > the account is locked.
>
> Oh, that was in effect also. 3 strikes and you're locked out. Gotta
> come to me to get reset. Most people disliked the experience so much
> they never got locked out a second time. :-)
>
> I was a BOFH before I ever read The Reg....
> http://www.theregister.co.uk/odds/bofh/
>
> Kevin D. Snodgrass
>
Congratulations? No offense, but had I been the VP of Sales you mentioned,
it would have been you that had the bad day. Requiring a policy where the
only way to remember the password is a post-it note is a sign of a problem
that lies NOT with the user.
I am genuinely curious - for other admins on the list - given a lock out
scenario / delayed re-attempts (as noted in the original article) - how
_drastically_ important is the overly complex password scheme? Even the
password change scheme? What makes a reasonably complex password (like
oranges75) go bad after 30 days?
-Dave
_______________________________________________
OLUG mailing list
OLUG at olug.org
https://lists.olug.org/mailman/listinfo/olug