From: Glen Mehn <glen () myvest com>
Date: Thu, 20 Feb 2003 16:37:06 -0800
Trevor Cushen wrote:
> I had not added anything to this discussion because as you have said it
> can be talked to death. But yesterday I saw an article about passwords
> and thought I would pass it on because it really is a daring stand the
> author has taken. But I saw the article in hard copy and when I went to
> search for it I found several articles under the same heading
> "PASSWORDS ARE PASSE"
> All these articles talk about biometrics and PKI etc., but essentially
> various forms of phasing out the user-entered password. I would be
> interested in what this forum's general consensus is on that line of
> This is not my line of thinking nor do I have a project in the working
> to provide more details on a possible implementation or environment,
> number of users, costings etc. It is the concept that I am interested
> in getting feedback on just out of curiosity.
Trevor (et al):
Passwords are problematic, at best, due to the issues outlined ad
nauseam here and on others' lists. My personal preference is to enforce
good passwords changed less often, as opposed to mediocre passwords
changed often, but they're subject to dictionary attacks, easy social
engineering, and are, IMHO, a systemic hole in modern security.
They persist, however, 'cause no one has come up with a good solution
that works for everything as easily as password(s).
Are they passe? Probably. Passphrase-protected PKI, passwords combined
with SecurID, biometrics, etc. all are more interesting procedures, but
even there, you're seeing something (typically) added to a password.
As Winston Churchill famously said: "the worst system... ever invented,
except for all the others"
Glen Mehn glen () myvest com
Systems Administrator MyVest, LLC