[cap-talk] Update on petname related anti-phishing work at theW3C
Karp, Alan H
alan.karp at hp.com
Sun Jul 1 17:18:13 EDT 2007
Dean Tribble wrote:
>
> BTW I would think that the only psasword that would not be
> automatically generated would be the user's local password.
> All the passwords for remote accounts should be randomly
> generated and not typically ever visible to the user. (on
> the theory that you can't get tricked out of an account
> password if you don't ever need to know it).
>
There are numerous password management tools that do that. The
objection people have is that they can't get their passwords when away
from their own machines. There are now USB devices that have both the
passwords and the program to access them. Unfortunately, manual
insertion of the password is often required, which means people can give
away their passwords without needing to know what it is.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
https://ecardfile.com/id/Alan_Karp
http://www.hpl.hp.com/personal/Alan_Karp
More information about the cap-talk
mailing list