On 07/05/07, David Gerard dgerard@gmail.com wrote:
Normal people just *don't understand* passwords.
I used to do dial-up Internet tech support. "What do you want for a password?" "Oh, [username]." "I'm sorry, you can't have it be the same." "Oh, [username]1."
Sounds like your old dial-up company didn't understand passwords either - how difficult is it to implement a system which doesn't involve everyone telling tech support their password?
Suggestions? Assume we can't require an RSA keyfob for all editors.
It's not unusual to have a set of rules passwords have to satisfy that are checked whenever an account is made or the password changed. It doesn't take much to stop the "low hanging fruit" of bad passwords (just require a certain length and require at least one letter and at least one number - dictionary searches are good too, but not as easy).
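A server-side check along the lines described in that reply, written here as an added example (not code from this thread or any real signup system): it enforces a minimum length, at least one letter and one digit, and a dictionary lookup, and also rejects the "[username]1" pattern mentioned earlier in the thread. The `check_password` function and the small word list are constructed for illustration; a real deployment would load a proper dictionary file.

```python
import re

# Constructed sample word list standing in for a real dictionary file.
DICTIONARY = {"password", "letmein", "wikipedia", "welcome", "qwerty"}

MIN_LENGTH = 8


def check_password(username: str, password: str, dictionary=DICTIONARY) -> list[str]:
    """Return the list of rules the password violates; an empty list means it passes.

    Checks, in order: minimum length, at least one letter, at least one digit,
    not the username (ignoring trailing digits), not a dictionary word
    (ignoring trailing digits).
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letter")
    if not re.search(r"[0-9]", password):
        problems.append("no digit")
    # Strip trailing digits so "dgerard1" is compared as "dgerard": appending a
    # digit to satisfy the "must contain a number" rule should not be enough.
    core = re.sub(r"\d+$", "", password).lower()
    if core == username.lower():
        problems.append("same as the username (ignoring trailing digits)")
    if core in dictionary:
        problems.append("dictionary word (ignoring trailing digits)")
    return problems
```

Run at account creation or password change only; the point of checking on the server is that nobody on the support desk ever needs to hear the password.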