W3C home > Mailing lists > Public > www-tag@w3.org > October 2008

Re: Passwords in the clear update

From: David Orchard <orchard@pacificspirit.com>
Date: Fri, 10 Oct 2008 07:19:28 -0700
Message-ID: <2d509b1b0810100719m4c98c70gc60fd0f4c05b9d7b@mail.gmail.com>
To: "John Kemp" <john.kemp@nokia.com>
Cc: elharo@metalab.unc.edu, "Ray Denenberg, Library of Congress" <rden@loc.gov>, noah_mendelsohn@us.ibm.com, "Jonathan Rees" <jar@creativecommons.org>, www-tag@w3.org
The question is about how "harsh" the stick should be.  Saying "MUST NOT"
when people very occasionally have legitimate reasons devalues the finding
and the advice.  I think we have to be beat the point about the dangers and
encourage people to not use them.

I think the finding currently reflects the very best that we are going to
get in terms of such a stance, and that is the least objectionable to the
most number of people.


On Fri, Oct 10, 2008 at 6:23 AM, John Kemp <john.kemp@nokia.com> wrote:

> ext Elliotte Harold wrote:
>> Ray Denenberg, Library of Congress wrote:
>>> A blanket admonishment: "do not ever, under any circumstance, use
>>> passwords
>>> in the clear", is fairly useless, most everyone will ignore it. People
>>> are
>>> not going to stop. Better to educate people on the dangers.
>> Give that blanket admonishment, and then explain the reasons behind it;
>> but don't compromise the good advice because you think it may not be
>> followed by all people in all circumstances.
> I wholeheartedly agree. What is the sense in continuing to implicitly
> condone these practices? Who would care?
> It is not that people will necessarily stop using passwords in the clear,
> but shouldn't we have a metaphorical stick to beat them with?
> - johnk
Received on Friday, 10 October 2008 14:20:05 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 22:56:25 UTC