Password validation security issue

Ian Kelly ian.g.kelly at gmail.com
Mon Mar 3 02:52:40 CET 2014


On Sun, Mar 2, 2014 at 6:16 PM, Steven D'Aprano
<steve+comp.lang.python at pearwood.info> wrote:
> People have managed physical keys for *centuries*. Yes, there are a class
> of threats where you lose your key, or someone steals it, or makes a
> copy, but the risks are well-understood and can be managed even by your
> grandmother. We have good solutions for those problems that work well,
> and many of them apply just as well to sticky notes with secure passwords
> written on them.

I don't know how well the analogy holds up.  People protect their
keys, because a) if they lose them, they can't get into their house or
business, and b) if they're stolen, somebody else could gain access
and steal expensive items from them.  People are less likely to
protect their sticky notes, because a) nobody is going to steal a
piece of paper, and b) if it does go missing, the IT guy is just one
phone call away, and c) who would want to break into my desktop
anyway? I don't have any trade secrets in there.



More information about the Python-list mailing list