[Cryptography] Of writing down passwords

Jason Richards jjr2 at gmx.com
Tue Sep 23 07:01:33 EDT 2014


Abe Singer:
> [ Writing passwords down is a good security measure ]

Agreed, as most appear to be.

> My goal is to have a policy that has my users getting one really
> strong password that they never have to change, and they're allowed
> to write it down and keep it in a reasonably safe place.

How would that policy look? Would the policy protect against:

- online brute force attacks
- offline/stolen password database attacks
- phishing attacks

or would it assume that these are otherwise catered for or protected
against?

And how long is never? My Gmail password is probably over five years
old, my Hotmail/Live password is over ten, maybe over fifteen. Should it
last another fifteen?

J

