[cryptography] Password Blacklist that includes Adobe's Motherload?

ianG iang at iang.org
Fri Nov 15 02:53:41 EST 2013


On 15/11/13 06:35 AM, Kevin W. Wall wrote:

> Besides that, (unfortunately) it's a lot easier to change 'snoopy1' to 'snoopy2'
> then to 'snoopy3', etc. when your password inevitably changes. Plus, it makes
> it a lot easier to remember than to start out with 'sn00py' and then go
> to 'sn11py', 'sn22py', etc. :-)

When I last worked in a formally controlled & certified security office, 
the password to the system was indeed securityN where N incremented 
every month when the system kicked back and insisted on a password change.

(oops, that's probably a security leak...)

It reminds me of the story about the British health system that spent 
untold millions putting in individual smart token control systems, so as 
to control access to security-critical resources.

Every place discovered the same correct way to drive the system.  Access 
was sorted and aligned by seniority of staff, and every morning, the 
designated senior person would plug their token into a given device, 
then walk away and get back to work.



iang

