From: Wes Kussmaul <wes@authentrus.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] offered without comment or judgement
Date: Tue, 29 Jun 2010 16:09:07 -0400 [thread overview]
Message-ID: <4C2A52E3.1020803@authentrus.com> (raw)
In-Reply-To: <AANLkTim_3pauNZbTQm-uyoWv0m09MaW8wPeKtdSLCVPG@mail.gmail.com>
[-- Attachment #1: Type: text/plain, Size: 1495 bytes --]
Devon H. O'Dell wrote:
> 2010/6/29 erik quanstrom <quanstro@labs.coraid.com>:
>
>>>> I don't understand why modern security systems have an upper limit on passphrase length.
>>>>
>>> Because people can't remember passwords, and companies don't like
>>> employing full-time password changers.
>>>
>> i don't understand this comment. the length of a password
>> is only vaguely related to memorability. long english phrases
>> are easy to remember. unfortunately, they are also easy to
>> harvest automaticly, so "four score and seven years ago" might
>> be a bad password.
>>
>
> The problem is two-fold:
>
> a) Lay-people are told by all their "computer guru" friends to choose
> a password that is difficult to guess. Add numbers, capital letters,
> punctuation. Most people don't think in this sort of context, and it
> is difficult to remember.
>
> b) People don't regard the idea as particularly important. I know many
> people who routinely forget 6-8 character passwords.
>
Many banks still use 4 digit PINs on their ATM cards, without problem.
Possession is a very important factor.
The token that will prevail of course is the phone - even though it
denies relying parties the billboard value of a card.
Now, will developers be smart enough to isolate the private key from the
phone's porous OS? The jury is out on that.
wk
--
Learn about The Authenticity Economy at
http://video.google.com/videoplay?docid=-1419344994607129684&hl=en#
[-- Attachment #2: Type: text/html, Size: 2362 bytes --]
next prev parent reply other threads:[~2010-06-29 20:09 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-06-28 22:32 ron minnich
2010-06-28 23:10 ` Ethan Grammatikidis
2010-06-29 2:28 ` Wes Kussmaul
2010-06-29 2:46 ` Stanley Lieber
2010-06-29 17:13 ` Wes Kussmaul
2010-06-29 17:27 ` Devon H. O'Dell
2010-06-29 18:30 ` Steve Simon
2010-06-29 18:41 ` Devon H. O'Dell
2010-06-29 18:57 ` erik quanstrom
2010-06-29 19:13 ` Devon H. O'Dell
2010-06-29 19:32 ` erik quanstrom
2010-06-29 20:00 ` Devon H. O'Dell
2010-06-30 11:28 ` erik quanstrom
2010-06-30 15:22 ` Wes Kussmaul
2010-06-30 16:22 ` Devon H. O'Dell
2010-06-29 20:09 ` Wes Kussmaul [this message]
2010-06-29 21:34 ` Steve Simon
2010-06-29 19:19 ` Wes Kussmaul
2010-06-29 3:46 ` erik quanstrom
2010-06-29 8:07 ` Akshat Kumar
2010-06-29 9:14 ` hiro
2010-06-29 9:17 ` erik quanstrom
2010-06-29 19:59 ` ron minnich
2010-06-29 13:43 ` Gabriel Díaz
2010-06-29 16:54 ` hiro
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4C2A52E3.1020803@authentrus.com \
--to=wes@authentrus.com \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).