[OpenID] OpenID and SSO
Anders Feder
lists.anders at feder.dk
Sat Jun 28 03:33:52 UTC 2008
Well, 'policy' and 'practice' are two different things.
Fri, 27 06 2008 at 20:28 -0700, SitG Admin wrote:
> >once you're inside you tend to have access to it all.
>
> As a matter of policy, the passwords that have the greatest need to
> be secure ought to be more difficult to remember - they can't be
> written down or frequently used (the latter nullifies this and the
> latter weakens it). As a general principle, any password that
> requires you to sit there for a few minutes just to figure out what
> it was, has greater security.
>
> The same could apply to other areas. Take the physical token you
> carry around with you all the time, versus the one that is locked up
> in the vault at a local bank - someone mugs you for the everyday
> token and doesn't get the ability to make any severe changes.
>
> -Shade
>
--
Anders Feder <lists.anders at feder.dk>