Re: Passwords in the clear update

The question is about how "harsh" the stick should be.  Saying "MUST NOT"
when people very occasionally have legitimate reasons devalues the finding
and the advice.  I think we have to beat the point about the dangers and
encourage people to not use them.

I think the finding currently reflects the very best that we are going to
get in terms of such a stance, and that is the least objectionable to the
most number of people.

Cheers,
Dave

On Fri, Oct 10, 2008 at 6:23 AM, John Kemp <john.kemp@nokia.com> wrote:

>
> ext Elliotte Harold wrote:
>
>> Ray Denenberg, Library of Congress wrote:
>>
>>> A blanket admonishment: "do not ever, under any circumstance, use
>>> passwords in the clear", is fairly useless, most everyone will ignore
>>> it. People are not going to stop. Better to educate people on the dangers.
>>>
>>
>> Give that blanket admonishment, and then explain the reasons behind it;
>> but don't compromise the good advice because you think it may not be
>> followed by all people in all circumstances.
>>
>
> I wholeheartedly agree. What is the sense in continuing to implicitly
> condone these practices? Who would care?
>
> It is not that people will necessarily stop using passwords in the clear,
> but shouldn't we have a metaphorical stick to beat them with?
>
> - johnk
>
>

Received on Friday, 10 October 2008 14:20:05 UTC