|
-
July 30th, 2005, 04:07 PM
#51
The length, compexity, written down, memorized. It realy is not that important. What is, is how fast you can realise and then react to compromisation. All passwords can be extracted, either by theft, cracking, guessing, socialengineering, coercian, etc.etc. Its not the password that is important, its the password holder and his attitude to security.
It matters not whether a password is memorised, if the holder gives it out for a free coffee or if written down, if left for all to see.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry
-
July 30th, 2005, 05:56 PM
#52
Human factor {Human vulnerablilty} is still the most dangerous and unbatchable vulnerability, everything acna be batched but human brain .... I agree with jinxy!
\"The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts\".....Spaf
Everytime I learn a new thing, I discover how ignorant I am.- ... Black Cluster
-
July 30th, 2005, 09:22 PM
#53
The post was asinine because it failed to address what it was addressing. You put on the blinders and went forward with your ideas regardless of what new information had been put out there.
The point isn't whether or not you can train users to remember long passwords, consider the following truths:
- Security policies typically call for longer than 7 char passwords.
- Security policies typically prohibit the writing down of passwords.
- Users may be trained to reliably recall longer passwords.
- 7 chars is the maximum amount considered reasonable when requiring recall.
Even if you train your users, you still have nothing to stand on if they violate the security policy because the courts will rule it was an unreasonable expectation.
This means you can't fire them (well you can, but they can sue, and will win) for violation of the policy and you can't press charges if the system is compromised via the mishandling of their password.
An unenforceable security policy is an utterly worthless security policy. Doesn't matter who can remember what, with what kind of training. Consequently any training in this regard is wasteful since its ROI is nothing.
cheers,
catch
-
July 31st, 2005, 04:42 AM
#54
I would say describing a post as "asinine" and making a statement intended to call into question the sexual preference of the subject are not on equal grounds. Neither are really 'name calling', but one of them is basically at about the same age level...it's more like flamebaiting.
I know catch can seem challenging...I occasionally find his attitude to feel antagonistic or condescending...but tone is very difficult to properly convey through the media of forums and chat rooms. What I have come to learn is he usually has a f$cking clue as to what he's talking about.
Sorry bludgeon, but I don't recall seeing much from you that has made the same impression on me. Your followup posts have been more relevant to the discussion, but that one was simply childish and petty.
AO has been pretty good, from my perspective, in minimizing flame wars and such. It would be unfortunate to see that sort of behavior take root now.
"Data is not necessarily information. Information does not necessarily lead to knowledge. And knowledge is not always sufficient to discover truth and breed wisdom." --Spaf
Anyone who is capable of getting themselves made president should on no account be allowed to do the job. --Douglas Adams (1952-2001)
"...people find it far easier to forgive others for being wrong than being right." - Albus Percival Wulfric Brian Dumbledore
-
August 3rd, 2005, 08:17 AM
#55
heh heh....
/me has already taken root...and I'm done on this one, I hope the discussion continues....funny how these things work.
While I'm addressing the non-addressed, allowed me to dress, perhaps in a dress, or some lacy nightgown that you may call a 'frock', could be in a... mock... tribute...while I ponder the points brought up in this thread that I've already read, but been accused of disrespect in response..... everyone here seems to love the Latin language for their sigs, which I don't get, but since it's used....'Credendo vives' and 'cave canem'....my views are different, different than most, but I seem to butt heads with people who don't follow the concept of 'Rem tene, verba sequentur'.
Heh, someone attack my latin spelling, I'd like to turn this into a Monty Pythonish thread....
Every now and then, one of you won't annoy me.
-
August 3rd, 2005, 08:53 AM
#56
WRITE DOWN THE PASSWORD IN A PEICE OF PAPER AND GIVE IT TO ME :-P
-
August 3rd, 2005, 09:20 AM
#57
Originally posted here by zencoder
Sorry bludgeon, but I don't recall seeing much from you that has made the same impression on me. Your followup posts have been more relevant to the discussion, but that one was simply childish and petty.
I have not made an assesment on your character here...if you'd like it, I think I could manage the time....
...I wasn't going to write this, but once again, I feel I was instigated....you can see my flames in the addicts forum....when I'm intentionally offensive, it's apparent. When I'm bringing up points of discussion, I hope this is also apparent....meh, once again, I'm really done now....but as far as 'TONE" goes, chief Zencoder, it's an easy thing to see once you move through a person's posts and see the 'attitude' they take in responding to people....I've been here for a while, 'big dog ap man', even a bit before my join date...if I don't feel the need to rehash old tuts or respond to things that other people can answer better than me, you can't 'flaw' me for that, it's actually funny, some people would call me a smarter person for not....doing what you would 'flaw' me for...
Every now and then, one of you won't annoy me.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote
