Joined: Sep 2002
Posts: 553
UGN Super Poster
OP Offline
Companies should not ban employees from writing down their passwords because it forces users to use the same weak term on many systems, according to a Microsoft security guru.

Speaking on the opening day of the AusCERT conference on Australia's Gold Coast, Jesper Johansson, senior programme manager for security policy at Microsoft, said the security industry had been giving out the wrong advice to users by telling them not to write down their passwords.

"How many have password policy that says 'under penalty of death you shall not write down your password'?" asked Johansson, to which the majority of delegates raised their hands in agreement. "I claim that is absolutely wrong. I claim that password policy should say you should write down your password. I have 68 different passwords. If I am not allowed to write any of them down, guess what I am going to do? I am going to use the same password on every one of them," he said.

According to Johansson, use of the same password reduces overall security.

"Since not all systems allow good passwords I am going to pick a really crappy one, use it everywhere and never change it. If I write them down and then protect the piece of paper - or whatever it is I wrote them down on - there is nothing wrong with that. That allows us to remember more passwords and better passwords," said Johansson.

Johansson said the security industry had been giving out the wrong advice about passwords for 20 years.

Delegates at the conference agreed that Johansson's advice made sense. However, they did not think it was practical.

One IT administrator from an international entertainment company, who requested anonymity, said that despite it being strict company policy to not make a note of passwords, he collated his personal passwords in an encrypted file because it "made more sense" than trying to remember multiple strong passwords.

Another delegate from a government agency, who also requested anonymity, said storing a password list in an encrypted file may work for the administrator but it would not work for users because they would then forget the password to decrypt the password file.

The delegate said that even using two-factor authentication - such as an RSA token - was not safe because people often write their PIN number on a piece of paper and tape it to the back of the token.

"I know of a government minister that has done that," the delegate said.

SOURCE

Joined: Sep 2002
Posts: 553
UGN Super Poster
OP Offline
Well, he is a Microsoft security guru ... so that explains everything (laugh)

Joined: Feb 2002
Posts: 7,203
Likes: 11
Community Owner
Offline
I'm not going to bother reading this story to see what reasoning he has; but I'd like to add that there is no reason to write passwords down, people can easily "lift" papers and some have photographic memories...

People are tools, especially listening to morons such as this...


Donate to UGN Security here.
UGN Security, Back of the Web, and VNC Web Services Owner
