The question is about how "harsh" the stick should be. Saying "MUST NOT"
when people very occasionally have legitimate reasons devalues the finding
and the advice. I think we have to beat the point about the dangers and
encourage people to not use them.
I think the finding currently reflects the very best that we are going to
get in terms of such a stance, and that is the least objectionable to the
most number of people.
Cheers,
Dave
On Fri, Oct 10, 2008 at 6:23 AM, John Kemp <john.kemp@nokia.com> wrote:
>
> ext Elliotte Harold wrote:
>
>> Ray Denenberg, Library of Congress wrote:
>>
>>> A blanket admonishment: "do not ever, under any circumstance, use passwords
>>> in the clear", is fairly useless, most everyone will ignore it. People are
>>> not going to stop. Better to educate people on the dangers.
>>>
>>
>> Give that blanket admonishment, and then explain the reasons behind it;
>> but don't compromise the good advice because you think it may not be
>> followed by all people in all circumstances.
>>
>
> I wholeheartedly agree. What is the sense in continuing to implicitly
> condone these practices? Who would care?
>
> It is not that people will necessarily stop using passwords in the clear,
> but shouldn't we have a metaphorical stick to beat them with?
>
> - johnk
>
>