[cap-talk] Do Strong Web Passwords Accomplish Anything?
Karp, Alan H
alan.karp at hp.com
Thu Jul 23 12:26:53 EDT 2009
David-Sarah Hopwood wrote:
>
> Having to remember all of these silly numbers and passwords is a bane of modern life.
>
Try my password calculator, http://www.hpl.hp.com/personal/Alan_Karp/site_password/index.html. (There's a Mac version for those who are interested.) A dictionary attack against your master password is possible, but attackers must know that you're using this tool. Since hardly anybody uses it, you're safe :) A strong master password is a good idea, anyway.
________________________
Alan Karp
Principal Scientist
Virus Safe Computing Initiative
Hewlett-Packard Laboratories
1501 Page Mill Road
Palo Alto, CA 94304
(650) 857-3967, fax (650) 857-7029
http://www.hpl.hp.com/personal/Alan_Karp
> -----Original Message-----
> From: cap-talk-bounces at mail.eros-os.org [mailto:cap-talk-bounces at mail.eros-os.org] On Behalf Of David-Sarah Hopwood
> Sent: Wednesday, July 22, 2009 8:58 PM
> To: General discussions concerning capability systems.
> Subject: Re: [cap-talk] Do Strong Web Passwords Accomplish Anything?
>
> Rob Meijer wrote:
> > Hi Alan, interesting subject.
> >
> > Looking at the summation in 1.1 of common advice, we can add one more:
> >
> > * Don't use the same password for multiple sites.
> >
> > The 3.3 section seems to advocate the (IMHO) horrible "three strikes"
> > approach. This approach simply does not work for several reasons:
> >
> > 1) Blocking the legitimate account creates a real availability/DOS issue.
>
> Indeed. I recently had to reset the PINs on three credit/debit cards because
> they weren't the same as the card I normally use, and I'd forgotten them,
> and wasn't going to remember them within the "three strikes".
>
> [When I rang my bank to do this, it transpired that they knew one of the
> cards had been cloned, but it hadn't occurred to them to tell me. The bank
> was HSBC, to name the guilty.]
>
> Having to remember all of these silly numbers and passwords is a bane of modern life.
>
> --
> David-Sarah Hopwood ⚥ http://davidsarah.livejournal.com