[cap-talk] Do Strong Web Passwords Accomplish Anything?

David-Sarah Hopwood david-sarah at jacaranda.org
Wed Jul 22 23:57:41 EDT 2009


Rob Meijer wrote:
> Hi Alan, interesting subject.
> 
> Looking at the summation in 1.1 of common advice, we can add one more:
> 
> * Don't use the same password for multiple sites.
> 
> The 3.3 section seems to advocate the (IMHO) horrible "three strikes"
> approach. This approach simply does not work for several reasons:
> 
> 1) Blocking the legitimate account creates a real availability/DOS issue.

Indeed. I recently had to reset the PINs on three credit/debit cards because
they weren't the same as the card I normally use, and I'd forgotten them,
and wasn't going to remember them within the "three strikes".

[When I rang my bank to do this, it transpired that they knew one of the
cards had been cloned, but it hadn't occurred to them to tell me. The bank
was HSBC, to name the guilty.]

Having to remember all of these silly numbers and passwords is a bane of
modern life.

-- 
David-Sarah Hopwood  ⚥  http://davidsarah.livejournal.com


