[Discuss] A Little OT: The Password Post-It
jc at trillian.mit.edu
Wed Apr 18 16:15:36 EDT 2012
Chris O'Connell wrote:
| I think we, as IT professionals, have to acknowledge that not all of our
| users are as savvy as we are. Not everyone is going to be capable of keeping
| their passwords straight.

Hmmm ... A quick check shows that my personal password file has over
200 distinct entries. Some of these I haven't used in over a year,
but the accounts are still there. One reason I haven't used them is
that lots of software now remembers them and fills in Password:
fields for me. But even if this weren't happening, I still couldn't
remember that many passwords, unless I made most of them the same. If
anyone claims that they can, I'd be very skeptical without a demo.

So my level of savviness is probably irrelevant; I'd be surprised if
very many people of any kind can remember so many nonsense words.

And, despite whatever strategies I may try to use, most of these
passwords do have at least some stuff that's difficult to remember.
This is due to the way that admins insist on password rules that are
designed for security, but which are different for every site. This
forces me to use passwords that don't follow any personal pattern,
meaning that I have little choice except to store them somewhere
that's easily available when I need them.

The real problem isn't that users write down their passwords. The
real problem is that system admins force the users to write down
their passwords.

(Hey, maybe I should use that as a sig for a while. ;-)

--
The fewer jobs a tool is designed to do, the better it does each of them.
_'
O
<:#/> John Chambers
+ <jc at trillian.mit.edu>
/#\ <jc1742 at gmail.com>
| |