[olug] The Usability of Passwords

Aric Aasgaard aric at omahax.com
Wed Mar 30 20:28:58 UTC 2011


I am a fan of the 5 second pause between password tries.

-----Original Message-----
From: olug-bounces at olug.org [mailto:olug-bounces at olug.org] On Behalf Of Dave Rowe
Sent: Wednesday, March 30, 2011 3:20 PM
To: Kevin D. Snodgrass; Omaha Linux User Group
Subject: Re: [olug] The Usability of Passwords

On Wed, Mar 30, 2011 at 3:02 PM, Kevin D. Snodgrass
<kdsnodgrass at yahoo.com> wrote:

> --- On Wed, 3/30/11, Dave Rowe <dave at roweware.com> wrote:
> > Oh man, and you and I would not get along :/
>
> Better hope I'm never in charge of any system you need to log into then.
> :-)
>
> > Why not, instead, institute a policy that after 3 - 5 failed logins 
> > the account is locked.
>
> Oh, that was in effect also.  3 strikes and you're locked out.  Gotta 
> come to me to get reset.  Most people disliked the experience so much 
> they never got locked out a second time.  :-)
>
> I was a BOFH before I ever read The Reg....
> http://www.theregister.co.uk/odds/bofh/
>
> Kevin D. Snodgrass
>

Congratulations?  No offense, but had I been the VP of Sales you mentioned,
it would have been you that had the bad day.  Requiring a policy where the
only way to remember the password is a post-it note is a sign of a problem
that lies NOT with the user.

I am genuinely curious - for other admins on the list - given a lock out
scenario / delayed re-attempts (as noted in the original article) - how
_drastically_ important is the overly complex password scheme?  Even the
password change scheme?  What makes a reasonably complex password (like
oranges75) go bad after 30 days?

-Dave