To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.peopleOpen lugnet.people in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 People / 1074
1073  |  1075
Subject: 
 Re: LUGNET Memberships
Newsgroups: 
 lugnet.people, lugnet.admin.general
Date: 
 Mon, 25 Sep 2000 03:46:09 GMT
Viewed: 
 5250 times
  
In lugnet.people, Todd Lehman writes:

My banks and credit
cards and online trading accounts don't require that much "security", why
does my chat board?

False.  Bank and credit cards require a lot more security than most people
think.  It may seem as though your bank card is protected by a 4- or 8-digit
PIN number, but that's not true!  Someone has to steal the card off your
person _and_ know the PIN number in order to steal your money.  Oh sure, if

Actually, all they need to know is my customer number and a PIN to view my
account records.  I would consider my bank account records much more valuable
than my LUGNET profile, no offense :)

If the concern is script kiddies cracking accounts, wouldn't it make more
sense to disable accounts (or better  IP's) that are attempting cracking
than force users to choose uncomfortable passwords?

You might want to consider letting your users, many of whom understand
the issues and risks as well as you do, decide for themselves what
strength password to use.

Also, I don't think Larry and I have a problem with the fact that you
reject trivial passwords, but that your standards are a bit too high
for practical use.  Remember, any security measure should be designed
to delay subversion, not prevent it outright, which is theoretically
impossible.  Have you determined what ammound of difficulty is required
before you could detect the intrusion attempt?  Or did you set an artificially
high standard (like months or years) without consideration of the impact
it would have on legitemate use?  The president would be alot safer if
he never went out in public, but that would interfere unacceptably with
his normal activities.

KL



Message has 1 Reply:
  Re: LUGNET Memberships
 
(...) ouch. How easy is it for a thief to get your customer number? How many digits is your PIN? (...) natch. :) (...) Disable accounts on repeated fails and you make it trivial to DoS someone. Disable IP addresses and you lock out the innocent on (...) (24 years ago, 25-Sep-00, to lugnet.people, lugnet.admin.general)  

Message is in Reply To:
  Re: LUGNET Memberships
 
(...) Of course not -- because that's patently false. Uhhh, if you chronically have trouble remembering good passwords, you should be writing them down and putting them somewhere *safe* that you trust -- like your dresser drawer at home, or a (...) (24 years ago, 24-Sep-00, to lugnet.people, lugnet.admin.general)

113 Messages in This Thread:
(Inline display suppressed due to large size. Click Dots below to view.)
Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact

This Message and its Replies on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    
Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR