To LUGNET HomepageTo LUGNET News HomepageTo LUGNET Guide Homepage
 Help on Searching
 
Post new message to lugnet.admin.generalOpen lugnet.admin.general in your NNTP NewsreaderTo LUGNET News Traffic PageSign In (Members)
 Administrative / General / 11664
11663  |  11665
Subject: 
Re: Help with member profile / password
Newsgroups: 
lugnet.admin.general
Date: 
Fri, 11 Jun 2004 03:20:46 GMT
Viewed: 
423 times
  
In lugnet.admin.general, Fred Trayers wrote:
In lugnet.admin.general, Frank Filz wrote:
In lugnet.admin.general, Fred Trayers wrote:
Secondly, are there plans to change the
password system on LUGNET?  It seems to me that the current "rules" for
passwords are exceedingly restrictive.

This is not a new concern. In fact, if you read back issues of this very
discussion group, you'll find me (4 years ago or whatever it was) railing
bitterly against how restrictive the password rules are.

Hmm, what do you mean by this? The rules on what a legal password is are not
very restrictive. There are no immediate plans to relax the need for passwords.
Past actions of a few folks have made it imperitive that every post be
authenticated. If you post from the web interface, you can leave yourself logged
on, which eliminates most of the hassle.

Frank Filz
(trying out his new lugnet id).

Frank-

Thanks for the reply!

In my opinion, the LUGNET rules for passwords are the most restrictive that I
have ever encountered (including password selection for classified military
computer systems).

That's not making me feel really good about the military!

Granted, the LUGNET rules and password strength analyzer make a lot of sense,
and it is prudent to follow them.  However, I'm surprised that the system is set
up to *require* adherence.  If a user chooses to use an "easily guessable"
password, then that user should accept the risks that go along with it.

The thing to realise (and this was what I had a hard time grasping at the time)
is that the risk of a compromised password is not that the user suffers, it's
that the rest of the community suffers when spoofing occurs.

In my case, I access LUGNET using the web interface from many different
computers.

I access LUGNET using the web interface from many different computers as well.
When I say many, I mean MANY, literally hundreds in the last 5 years. So I hear
you.

Therefore, I would prefer to use an "easy" password.  Instead, I'm
forced to write a gibberish (albeit more secure) password, which may be safer,
but it is a bit more of an aggrevation.  I guess I don't see what is so
sensitive about LUGNET posts that requires everyone to use complex (and easily
forgettable passwords).

As for complex passwords being easy to forget, I have complex passwords, they
sail through the strength checker quite easily, but they are impossible to
forget. I am not going to say why that is but trust me, read the suggestions
about constructing strong passwords, and you can construct a strong but
unforgettable one too. Or several.

Actually, I have several of them precisely in case I forget one. I can build a
new set, use one of the ones I remember to clear out the old and add new ones
back in. So I am never locked out.

My personal expectation would be that you will not see dimunition of the
strength requirements. However you can, and should, expect that there will be
improvements in the area of getting your passwords reset.

MEANWHILE. EVERYONE ought to go add another memorable password to their set. I
get the impression that most people have only one. Because if they had more than
one, as soon as they realised they forgot one, they could go clear all of them
out and start over using one they remembered.

Hope that helps.



Message has 1 Reply:
  Re: Help with member profile / password
 
"Larry Pieniazek" <larry.pieniazek@lugnet.com> wrote in message news:Hz4JyM.6A0@lugnet.com... (...) for (...) Hmm, I thought the strength requirements had been relaxed. I'm using a password originally considered weak. I honestly have not had to (...) (20 years ago, 11-Jun-04, to lugnet.admin.general)

Message is in Reply To:
  Re: Help with member profile / password
 
(...) Frank- Thanks for the reply! In my opinion, the LUGNET rules for passwords are the most restrictive that I have ever encountered (including password selection for classified military computer systems). Granted, the LUGNET rules and password (...) (20 years ago, 11-Jun-04, to lugnet.admin.general)

5 Messages in This Thread:

Entire Thread on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact

This Message and its Replies on One Page:
Nested:  All | Brief | Compact | Dots
Linear:  All | Brief | Compact
    

Custom Search

©2005 LUGNET. All rights reserved. - hosted by steinbruch.info GbR