[colug-432] password survey

Richard Hornsby richardjhornsby at gmail.com
Thu May 22 21:37:50 EDT 2014


On May 22, 2014, at 17:26 , Judd Montgomery <judd at jpilot.org> wrote:

> A friend just sent me something a little silly on this topic that I 
> figured I'd share.
> 
> During a recent password audit by a company, it was found that an 
> employee was using the following password: 
> "MickeyMinniePlutoHueyLouieDeweyDonaldGoofySacramento"  When asked why 
> she had such a long password, she rolled her eyes and said: "Hello!  It 
> has to be at least 8 characters and include at least one capital."

I realize that this is a little tongue-in-cheek and that my response is not ...

A valid retort might be: "Instead of asking me why my password is so long, let me ask you what encryption method are you using that you're able to read out everyone's password like that?"  Pushing further, "Do you understand the risk to our company (and likely our customers) if a bad guy gets into our stuff, because you have passwords stored in a reversible, or worse, plaintext format?"  And poking them just a little more for good measure, "Do you, Mr. security person giving me grief about my insanely long password, not understand what a one-way hash is?"

Sorry, I get annoyed by foolish waste of energy in this space that seems entirely directed at the wrong problem.




