Subject: Member Password Center
Newsgroups: lugnet.admin.general
Date: Fri, 5 May 2000 18:49:41 GMT
I dug out my original password, it was a miracle I found it, actually, and
spent a little time playing with this:

http://www.lugnet.com/people/members/pw/

after Todd advised me it existed.

Leaving the issue of how secure passwords should be aside for the moment,
(we'll let the mischaracterisations slide for now, I just don't feel like
fighting today, no matter how incorrect stuff may be) I did want to comment on
this screen.

I think it's rather nice. I like the notion that as long as I know one
password, I can create another one. I think that's good. I also like that I can
have more than one password. Currently, as I understand it, they are all
equivalent and grant the same access. Some may say why would you need more than
one for the same thing?... but I immediately set up two additional passwords
that I can remember, although I had to really work hard at finding ones that
were easy to remember for me and passed (formerly) "casual" level checking.
Now, I am not at the mercy of remembering a single PW. I wish MORE sites were
like that! Tres useful.

I also like the idea of explicitly retiring a password, which encourages you to
get transitioned over smoothly. One of the biggest write down risks is right
after the system forces a change (which is why forced change can be bad when
it's used) because users write down their new PW because they are scared they
will forget it, even when they just chose it. So this is a good thing because
it lets you use the old one if you forget the new one. The advice not to
immediately sunset the old one is good.

Where I have some minor nits are as follows: Why limit me to 4 passwords? I
only have one left after I assigned my "friendly" 2 (until I sunset the one
Todd generated, which, hard to remember as it is, is pretty random, and
therefore as secure (under some theories) as you can get for the length).

Second, it would be nice if there were a way to sunset a password without
knowing what it is. Granted it's a bit of an exposure under one analysis, but
suppose for the sake of argument I now lose the hardcopy of Todd's generated
one, and can't remember it (I can't remember it right now, and I just typed it
in not 20 minutes ago). That slot is burned forever unless you still have your
password at hand.

It takes some clever thought, but it would certainly be nice if we can
determine a clean way. Perhaps just a note to Todd saying "flush the original
one, I lost it" which gives enough context to determine which to flush (or
"flush the most recent one I set, I don't mean it any more and I lost it", for
a different one).

Said note would have to be sent in a secure, non-spoofable manner (done via a
form while you were logged in perhaps, just as the request for a message to be
forwarded to interested Lugnetters would have to be (in my Helge post)). Just
sending email might not be safe; that could be spoofed.

In summary I like this screen and if we go to multi level passwords I would
want a screen like it for each level, I suppose, not that I want to see Lugnet
ever go to multi level passwords.

++Lar



Message has 4 Replies:
  Re: Member Password Center
 
(...) One nit I forgot to post, in the retirement section: c /Type the new password you want to retire:/Type the OLD password you want to retire:/ ++Lar (24 years ago, 5-May-00, to lugnet.admin.general)
  Re: Member Password Center
 
Another useful feature of being able to have multiple passwords, and to retire them at your leisure is that for those weird random times when you have a good reason to let someone else use your account (perhaps Todd needs to log on as you to debug (...) (24 years ago, 5-May-00, to lugnet.admin.general)
  Re: Member Password Center
 
(...) Cool, I just added a password I can actually remember. Some nitpicks, though: shouldn't the input fields be password fields instead of regular text fields (i.e., asterisks instead of letters). Otherwise, there's no real point in retyping the (...) (24 years ago, 6-May-00, to lugnet.admin.general)
  Re: Member Password Center
 
Larry Pieniazek <lar@voyager.net> wrote in message news:Fu3oAt.I3I@lugnet.com... (...) Let's not. I was thinking about this yesterday. Is the answer to this not to have two "memorable" passwords, rather than one that looks like a missile launch (...) (24 years ago, 10-May-00, to lugnet.admin.general)
