[Mailman-Users] A Vote Against Passwords

[Chuq Von Rospach]

At 3:29 PM -0700 8/2/00, Dan Mick wrote:

>It's trivial to save a four-character password, and it's reasonable
>to expect a mailinglist member to do it.

This is one of the password's serious weaknesses. The passwords, 
being random letters, are impossible to remember. So they get tossed. 
Better would be to build a table of four letter words, and creating 
passwords on combining two of them. It'd still be effectively 
impossible to crack, even if the cracker had the list, and it'd be a 
lot easier on the user.

>  > Myself I never bother saving password requests because often I am on and
>>  off a list within the month anyway and if I'm on it for more than a
>>  month I'm there to stay.
>
>I sure hope you save the unsubscribe instructions and any optional
>passwords *some*where, so that you can unsubscribe yourself as
>necessary.

I tell people not to save the password, but to save the place where 
they can get the password sent to them when they need it. why save 
the password? simply save the listinfo page URL, and you can have it 
sent to you at any time, and you don't risk security breaches nearly 
as much.

-- 
Chuq Von Rospach - Plaidworks Consulting (mailto:chuqui at plaidworks.com)
Apple Mail List Gnome (mailto:chuq at apple.com)

And they sit at the bar and put bread in my jar
and say 'Man, what are you doing here?'"