On 5/7/07, Steve Summit <scs(a)eskimo.com> wrote:
Gregory Maxwell wrote:
But what we should be telling people is:
"Use the longest pass*phrase* you can easily type...
Yes, "gWXi$a09" is strong too, but when you try to tell people to use
passwords like that you get "10qpalz," which isn't strong.
Well,
I'm not so sure either works. I'm one of the more
security-conscious people I know, and I don't bother with strong
passwords (let alone passphrases) when I register at ordinary
websites -- the risk just isn't there. If you tell me to pick
a strong password I'll just laugh at you.
And if you violently disagree with me here -- that's my point.
This may be an irresponsible attitude of mine, maybe I really
*should* be using strong passwords on every ordinary website I
register with, but: I bet I'm not alone.
If your security strategy depends on users picking a certain kind
of password, you'd better enforce it in software, because I doubt
you'll get enough voluntary compliance otherwise.
_______________________________________________
WikiEN-l mailing list
WikiEN-l(a)lists.wikimedia.org
To unsubscribe from this mailing list, visit:
http://lists.wikimedia.org/mailman/listinfo/wikien-l
One would hope you'd think differently, if you had administrative or
other privileged access to that website? I agree with you in most
cases, my NYTimes password is just abcd1234. I couldn't care less if
anyone else uses the account. But if I were responsible for editing
and maintaining the site, you better bet I'd pick a much better one.
Which is an argument for crats asking users to confirm they have changed
their password to something strong before sysopping them. When most
people create wikipedia accounts they haven't got responsibility in
mind. That's the reason I've got a crap username. I just logged on
thinking, I want to edit a few things here in a spare ten minutes, and
grabbed the first name that came into my head - and my password was....
wait for it.... 'glasgow'.
A request for me to use a strong one, would have been bet with 'shrug'
"Doc glasgow"