[Mailman-Users] A Vote Against Passwords
dereks at kd-dev.com
Thu Aug 3 07:40:03 CEST 2000
-> >It's trivial to save a four-character password, and it's reasonable
-> >to expect a mailinglist member to do it.
-> This is one of the password's serious weaknesses. The passwords,
-> being random letters, are impossible to remember. So they get tossed.
-> Better would be to build a table of four letter words, and creating
-> passwords on combining two of them.
One algorithm I've seen would combine 4-6 letter words with
digits, so you get passwords like
...certainly strong enough for an unencrypted email system, and
easier to remember. Of course, I don't have time to implement this :)
-> I tell people not to save the password, but to save the place where
-> they can get the password sent to them when they need it. why save
-> the password? simply save the listinfo page URL, and you can have it
-> sent to you at any time, and you don't risk security breaches nearly
-> as much.
Well, there's the argument that the password flying acrossed the
net is a security risk, but if you need *real* security you should be on a
Passwords are only there to reduce abuse of people
subscribing/unsubscribing others without consent. Since that's never been
a problem on my lists, I would like to turn it off (and have a
subscription policy that does not require a confirmation).
More information about the Mailman-Users