Slashdot Mirror

← Back to Stories (view on slashdot.org)

Real Security?

Posted by michael on from the lockdown dept.

An anonymous reader writes "A recent article at Ask Tog raised the common argument about how much security is good. Tog says: 'I've been watching security people for years as they've slowly increased the security of everything they can get their hands on until any idiot can wander in.' Is this the case? Are we increasing security too much, so that the users circumvent it? Should we be allowing simple passwords?"

3 of 557 comments (clear)

  1. Forced password changes by Rex+Code · · Score: 5, Insightful

    Forcing users to change passwords is one example of something that doesn't help security. If there's anything that's going to make the common user write their password on a post-it note and stick it to their monitor, it's being forced to change it at random intervals.

    If you've done a dictionary search when the password was originally set, or at least ensured that the password contained a couple numbers and symbols, then it's a good password and you have no reason to assume the user can't keep it secret. Plus, people might not be able to keep coming up with unique passwords once a month.

  2. Re:password quandry by thecampbeln · · Score: 5, Insightful
    No shit! At some places I've worked, passwords are required to contain X capital letters, Y numbers, and changed once a month. So what ends up happening? After forgetting the damned thing two or three times, most users (including myself, bad form I know but hey) come up with a pattern to their passwords. So, something like this begins to appear:

    Pa55J4n
    Pa55F3b
    Pa55M4r
    Pa55Apr

    Sure, now you have 'secure passwords', but once someone recognizes the patter... This, IMHO is counter productive security wise. Have the ultra secure passwords, but don't make you're users change them too often or this shit begins to appear.

    --
    "1984" was ment to be a warning, not a guidebook. You hear that Kim Jong-il!? BushCo?!
  3. I use good passwords, and here's how by kaan · · Score: 5, Insightful

    And I have to spend nearly zero brainpower remembering a password. Here's what I do...

    Take a phrase (song lyric, phrase, personal mantra, etc.) and grab the first letter of each word. Then replace various letters with numeric digits.

    So an example phrase might be: "i love to post on slashdot"

    which would become: "iltpos", but then you could replace the "o" with the digit zero (0), and the "s" with the digit five (5), so now you've got:

    "iltp05"

    That's basically an unintelligible password, yet totally easy to remember because all you need to remember is your password geneation scheme and a tip for what your phrase is.