Sorry, I really need to proof read before I hit send... On Thu, Feb 26, 2015 at 1:01 PM, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote: > There are no examples of this being successfully foisted on users yet > either. i.e. no examples of such a password matrix UI on any distro or platform. Usability impact is totally unknown. >>> OK yet my bank card 4 digit PIN doesn't rotate. It never expires. It's >>> been the same for 8+ years. >> >> it's also locked out after 3 unsuccessful attempts and requires possession of >> hardware token, not a favourable comparison > > Perhaps not favorable, but it's quite useless and relevant because > it's exactly what any ordinary user wonders when they're burdened with > disproportionate password requirements. Not favorable, but useful and relevant... -- Chris Murphy -- security mailing list security@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/security
