Password security - Another idea
Jonathan I. Kamens
jik at athena.mit.edu
Wed Jan 11 01:12:38 AEST 1989
In article <9326 at smoke.BRL.MIL> gwyn at brl.arpa (Doug Gwyn (VLD/VMB) <gwyn>) writes:
>No matter how much you tell users not to do this, so long as the
>password is one they cannot easily remember sooner or later some
>of them are going to compromise it this way. Your personal use of
>paper in your wallet is not the worst security problem in such an
>environment.
I think we're sort of agreeing with each other :-). We both agree
that the use of passwords that are hard to remember causes a decrease
in security. I feel this way (and I think you will agree with my
reasoning) for the following reasons:
1. A harder to remember password is typed more slowly by the user.
When a password is typed more slowly, it is easier to read what the
user is typing off of his fingers as he types it.
2. A harder to remember password is written down by the user. Forcing
the user to write down his/her password is a problem because no
matter where he writes it down and how securely he treats that
piece of paper (or whatever), it is still more likely that someone
will see it and get his password. Furthermore, users are known not
to be careful (as you pointed out), so it is more likely that the
password will be written down in an insecure location (taped to the
terminal, pull-out desk, etc.) than that it will be written in a
secure location.
There is a third reason why hard-to-remember passwords are a problem:
3. Users will forget hard-to-remember passwords more often and/or lose
the paper on which the password is written, so system
administrators will have to put up with people coming to them and
asking, "Can you change my password to something simple because I
forgot what it is?" much more often.
So, are we arguing the same side, or what?
Jonathan Kamens
MIT Project Athena
More information about the Comp.unix.wizards
mailing list