On Wed, Dec 29, 2010 at 06:51, Paul M Foster <paulf@xxxxxxxxxxxxxxxxx> wrote: >> I agree that users should not use weak passwords, but not everyone goes everywhere with a vault. I am more then capable of memorizing 20 or so 16-32 character full set passwords. >> > > And so you assume everyone can do that? I can remember maybe 5 of the > passwords I regularly need. (I rarely repeat passwords for different > sites.) In addition, some passwords have been *assigned* to me and > cannot readily be changed (and are usually difficult to remember). Many > of the rest I so seldom use that it would be silly to try to remember > them. Particularly when I do have a password-locked file I can use to > record them for me. > Exactly. Even Lifehacker is now assigning passwords since the Gawker exploit. Lifehacker users cannot choose their own passwords anymore, they are assigned passwords. > Under the circumstances I described, I have yet to hear in what way > copying and pasting passwords compromises security of anything by > itself. Please enlighten me. > I think this is the underwear rule: never leave passwords/underwear out in the open where everyone can see them. Also, change them frequently. -- Dotan Cohen http://gibberish.co.il http://what-is-what.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
