[Mailman-Users] A Vote Against Passwords

[Derek Simkowiak]

-> >It's trivial to save a four-character password, and it's reasonable
-> >to expect a mailinglist member to do it.
-> 
-> This is one of the password's serious weaknesses. The passwords, 
-> being random letters, are impossible to remember. So they get tossed. 
-> Better would be to build a table of four letter words, and creating 
-> passwords on combining two of them.

	One algorithm I've seen would combine 4-6 letter words with
digits, so you get passwords like

love5pizza
say9more
bread2flee

	...certainly strong enough for an unencrypted email system, and
easier to remember.  Of course, I don't have time to implement this :)


-> I tell people not to save the password, but to save the place where 
-> they can get the password sent to them when they need it. why save 
-> the password? simply save the listinfo page URL, and you can have it 
-> sent to you at any time, and you don't risk security breaches nearly 
-> as much.

	Well, there's the argument that the password flying acrossed the
net is a security risk, but if you need *real* security you should be on a
VPN anyhow.

	Passwords are only there to reduce abuse of people
subscribing/unsubscribing others without consent.  Since that's never been
a problem on my lists, I would like to turn it off (and have a
subscription policy that does not require a confirmation).


--Derek