[ale] OT - New encryption technology using a piece of paper

Pat Regan thehead at patshead.com
Sun Sep 4 20:49:05 EDT 2011


On Sat, 03 Sep 2011 20:06:56 -0400
"Michael H. Warfield" <mhw at wittsend.com> wrote:

> The forced changes provide no benefit and yet add that little tiny
> extra opportunity of additional threat.  And, yes, there are password
> sniffers that will fire on password changes so they follow your
> changes as you make them.  Factor it in how you will.
> 

A company I used to work for about a decade ago had a 60 or 90 day
schedule on their forced password changes.  The requirements for the
passwords weren't very strict, either.

Most of the customer service people ended up teaching each other the
same password scheme of current month+year (jan99, for example).  Since
those passwords were good for 60 or 90 days, you could walk out on that
call center floor and guess almost anyone's password in 2 or 3 tries.

Pat

