• Subject: Re: Password "Hint" Feasibility
  • From: MacWheel99@xxxxxxx
  • Date: Wed, 8 Nov 2000 15:43:11 EST

Al Mac says

There are a lot of things that are fashionable that are not neccessarily good 
business security.  Such as having our PC remember our password in some kind 
of cookie that any unscrupulous individual can extract, or having such 
complicated password rules that the person is forced to write it down to 
remember it.

> From: barsa2@ibm.net (Al Barsa, Jr.)
>  
>  Al
>  
>  I agree with your approach, I was merely trying to address the suggestion 
>  of some sort of hint.  Hints are becoming fashionable with Internet 
> passwords.
>  
>  Al
>  
>  
>  >Al Mac says
>  >
>  >I have been trying to get people to change their passwords more often, 
>  >so to make it easier, I put a CL that runs CHGPWD 
>  >with no alterations other than MONMSG to 
>  >gracefully support F3 F12 from the application menus 
>  >of people who do not have command line access.
>  >
>  >When people forget their passwords, we put their sign-ons as 
>  >password expired with user name as the password, 
>  >then they sign on as that & immediately have
>  >to change it to somethng they can hopefully remember 
>  >without writing it down.

I also have some SUGGESTIONS regarding what might be easy for THEM to 
remember but NON-OBVIOUS even to people who know them pretty well.

We allow our passwords to be a word in the dictionary.

When I used to assign passwords to my managers, they really loved it when I 
gave them passwords like "BOSS"  But even at that level of simplicity, there 
was a manager who forgot the password.  There are people who need biometrics 
... stick your thumb print some place & run the risk that some day someone 
will cut your thumb off to use for access.

There was one guy at a remote office that I had to get him a password & I had 
to send him a fax with details since we worked different shifts, so I made it 
the last 4 digits of his home phone # so it would be easy for him to remember 
then sent him a puzzle in which the answer to each step was one of the 4 
digits, and each digit needed a different piece of information about the guy 
... like one of them was add up the digits of your zip code & drop off all 
leading digits but the last one.  I got things like that to work only after 
trying a bunch of combinations that did not work.  I later found out that he 
had a dozen people in the office trying to solve the puzzle & they failed, so 
I had obviously made it too difficult & too obtuse.

Alister William Macintyre 
Computer Data Janitor etc. of BPCS 405 CD Rel-02 on 400 model 170 OS4 V4R3 
(forerunner to IBM e-Server i-Series 400)  @ http://www.cen-elec.com Central 
Industries of Indiana--->Quality manufacturer of wire harnesses and 
electrical sub-assemblies

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].