HP3000-L Archives

January 2006, Week 5

HP3000-L@RAVEN.UTC.EDU

Subject:
From:
"Johnson, Tracy" <[log in to unmask]>
Reply To:
Johnson, Tracy
Date:
Tue, 31 Jan 2006 21:14:33 -0500
I'm a long-time user of Security/3000 and I advocate its use.

However, given the entertaining prospects of replying, here goes.

Given all the requirements of the previous messages here's what I came
up with.

#1  Buy a hard-bound 4 column ledger at your local office supply store. 

#2  Write down by columns name of each user, their username, their
password assigned, and the date.

#3  When the password rotation 'x' date arrives, change the user's
password with a new entry in the ledger.

#4  The user will have to come to your Department to retrieve it.

#5  At that time prior passwords can be checked by reading prior 'n'
changes on earlier pages to see if they've been used before.

#6  The ledger must be stored in the company's secure document vault or
safe and retrieved for daily use.

#7  Start by adding 4 or 5 users to the ledger every day.  A 100
employee company should be added within a month.  When 'x' date rolls
around you only need change those 4 or 5 users per day, not the whole
company.  (This assumes that a larger, more professional company could
afford security software and we wouldn't be having this discussion.)


- - - - - - - - - -

Cost?   $20 or $30 for the ledger plus your time.  In effect, the
company is paying you to manage the passwords.

Is that cheaper than purchasing software?  Only time will tell.



Tracy Johnson
Measurement Specialties, Inc. 

BT







NNNN


> -----Original Message-----
> From: HP-3000 Systems Discussion 
> [mailto:[log in to unmask]] On Behalf Of John Clogg
> Sent: Tuesday, January 31, 2006 7:13 PM
> To: [log in to unmask]
> Subject: Re: [HP3000-L] User passwords.
> 
> 
> There have been several postings advising the use of random password
> generators.  I know some security experts recommend that approach, but I
> disagree.  The main problem with random strings of characters is that they
> are very hard to memorize, which means that you can pretty much guarantee
> that users will be writing down their passwords.  Those notes with the
> passwords on them will be cleverly hidden under the keyboard or glued to the
> monitor.  Great security, that!
> 
> John Clogg
> 
> * To join/leave the list, search archives, change list settings, *
> * etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
> 
