Re: Screensaver takes too much time to fade-out...

On Fri, 2011-12-16 at 13:08 -0500, Robert Moskowitz wrote:
> On 12/16/2011 12:45 PM, Patrick O'Callaghan wrote:
> > On Fri, 2011-12-16 at 17:21 +1030, Tim wrote:
> >> On Thu, 2011-12-15 at 13:08 +0000, Jake Shipton wrote:
> >>> My next advice would be to do the following:
> >>>
> >>> 1) Regularly change your password, say every 3/6 months.
> >> Personally, I don't see the point in this.  I think it's a fallacy.
> > +1
> >
> > This is one of those corporate "Best Practices" which someone made up
> > back in the mainframe era when dinosaurs roamed the Earth.
> 
> And passwords were limited to 8 characters.  I remember the days well.
> 
> > It may have
> > made a little sense then. I believe the argument was "You're going to
> > make up some lame password anyway, so at least change it from time to
> > time". It makes absolutely no sense now. Use a password generation tool
> > or one of the many ways of getting a memorable but hard to guess
> > passphrase.
> >
> > Unfortunately, a large part of the corporate Internet hasn't got the
> > memo, so they keep forcing you to go through this nonsense. I just went
> > through a security audit in which the external auditors insisted on it
> > over our strenuous objections. I think we're going to replace passwords
> > with a token-based authentication system, which is a damned sight more
> > secure anyway.
> 
> Again, read:  http://www.cryptosmith.com/password-sanity
> 
> Richard can supply your IT with some common sense.  Or if they prefer 
> Schneier, I can probably contact him for a reference URL...

Thanks, but the rules are established by a global-level corporation (NDA
precludes me from saying who they are but you would recognize the name)
and we just get to apply them.

> We just switched from the RSA hard tokens to the soft tokens.  'More' 
> secure.  This is an interim step, as we are expecting to be eating our 
> own dog food sooner rather than later.

With my corporate hat on, one of our products is a competing token based
on OATH, including a credit-card form factor with an e-ink display
(write me off-list if you're interested), however the specific use case
I'm discussing here is for local console login. A PKI thumbdrive would
work fine.

poc

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org

