[olug] The Usability of Passwords
Dave Rowe
dave at roweware.com
Wed Mar 30 20:20:05 UTC 2011
On Wed, Mar 30, 2011 at 3:02 PM, Kevin D. Snodgrass
<kdsnodgrass at yahoo.com> wrote:
> --- On Wed, 3/30/11, Dave Rowe <dave at roweware.com> wrote:
> > Oh man, and you and I would not get along :/
>
> Better hope I'm never in charge of any system you need to log into then.
> :-)
>
> > Why not, instead, institute a policy that after 3 - 5 failed logins
> > the account is locked.
>
> Oh, that was in effect also. 3 strikes and you're locked out. Gotta come
> to me to get reset. Most people disliked the experience so much they never
> got locked out a second time. :-)
>
> I was a BOFH before I ever read The Reg....
> http://www.theregister.co.uk/odds/bofh/
>
> Kevin D. Snodgrass
>
Congratulations? No offense, but had I been the VP of Sales you mentioned,
it would have been you that had the bad day. Requiring a policy where the
only way to remember the password is a post-it note is a sign of a problem
that lies NOT with the user.

I am genuinely curious - for other admins on the list - given a lock out
scenario / delayed re-attempts (as noted in the original article) - how
_drastically_ important is the overly complex password scheme? Even the
password change scheme? What makes a reasonably complex password (like
oranges75) go bad after 30 days?
-Dave