[brlug-general] Email passwords are.. special?
Mathew Branyon
mat.branyon at gmail.com
Wed Feb 14 15:36:02 CST 2007
I don't like the hint system.. it can be easily broken (I've done it)...
--mat
Dustin Zimmerman wrote:
> That's a good practice if you can get the people to use things to jog their memory as to what their password is rather than writing the password itself, somewhat like what a lot of websites do, which is just a hint.
>
> ----- Original Message -----
> From: general-bounces at brlug.net on behalf of Mathew Branyon
> Sent: Wed, 2/14/2007 11:23am
> To: general at brlug.net
> Subject: Re: [brlug-general] Email passwords are.. special?
>
>
> I am going to assume the position of a consultant (since that is my
> perspective). I think it depends on how secure your clients want to
> be. I have some clients that will actually change their passwords to
> their usernames. I know some that when I am working on their computer,
> and ask them to put in their passwords, they actually take the keyboard
> from me and put it in (which is the ideal practice). The people from
> the first group, if forced to adhere to a good standard of password
> strength, are generally the type to write it down on a sticky note.
>
> I'd say yes, make the passwords separate. But you will get people
> asking you to reset passwords more often, or sticky notes with passwords
> everywhere too. But that completely depends on the client.
>
> In the case of the sticky note type people, there was an article about
> how to get these people to instate some sort of security on their sticky
> note (adding junk characters). While that is still not ideal, it's a
> step in the right direction.
>
> --mat
>
> Dustin Puryear wrote:
>
>> So, there is always this conflict over whether accounts for email
>> (POP3, IMAP) should be tied to your normal account. In most
>> situations, companies are trying to consolidate accounts. And
>> companies with directories (be it LDAP or AD) definitely see this
>> trend continuing. Yet, there is the risk that a compromised email
>> password will then compromise the network.
>>
>> Now, let's assume that the communication channel is encrypted with
>> SSL. That should just be a given. But we still have the issue of
>> people having passwords stored on their phones, laptops, home
>> computers, etc., for their email. I know I've had several phones lost
>> in the past few years. None had my network information, but that could
>> have been there.
>>
>> What are your thoughts on whether email accounts should be separate
>> from normal network accounts? Pros? Cons? Should companies just not
>> allow external access to email via POP or IMAP and just require
>> Webmail access so users have to manually enter passwords? Does that
>> solve the real problem? I'm interested in hearing what everyone has to
>> say.
>>
>> ---
>> Puryear Information Technology, LLC
>> Baton Rouge, LA * 225-706-8414
>> http://www.puryear-it.com
>>
>> Author:
>> "Best Practices for Managing Linux and UNIX Servers"
>> "Spam Fighting and Email Security in the 21st Century"
>>
>> Download your free copies:
>> http://www.puryear-it.com/publications.htm
>>
>>
>> _______________________________________________
>> General mailing list
>> General at brlug.net
>> http://mail.brlug.net/mailman/listinfo/general_brlug.net