• Subject: Re: Password "Hint" Feasibility
  • From: "L. S. Russell" <leslier@xxxxxxxxxx>
  • Date: Wed, 08 Nov 2000 15:00:22 -0600
  • Organization: Datrek Professional Bags

Sure giving a "hint" might be a bad idea.  But if you can come up with a
relatively safe and efficent way to automate that portion of your
helpdesk then it might be a good idea.  

"Nathan M. Andelin" wrote:
> 
> <snip>
> Call me paranoid, but it seems to me that you would be making it a lot
> easier for some unscrupulous insider (or even hacker) to get someone else's
> password.
> <end snip>
> 
> Some excellent ideas have been posted of ways to implement a password hint.
> But, that doesn't mean its a good idea.  I'd have to agree that "hints"
> offer a potential security loophole.  Ironic, because I just finished a web
> application in which I provided a password hint feature.  While I might give
> a hint for access to a fairly innocuous application, I certainly wouldn't
> want that to be a feature of OS/400.
> 
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator: david@midrange.com
> +---
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].