Final Word on the Password Problem

Jay R. Ashworth jra at baylink.com
Mon Jul 12 18:18:34 PDT 2004


On Mon, Jul 12, 2004 at 09:11:34PM -0400, Fairlight wrote:
> > | On Mon, Jul 12, 2004 at 03:49:38PM -0400, Nancy Palmquist wrote:
> > | | 
> > | | I have posted this comment many times over the years, but you should
> > | | assign a site password right now.  ALWAYS do it.
> > | | 
> > | | Write it down, put it in the safe and let it attach to your programs as
> > | | you work.  It will never bother you again.
> 
> No, no, no, and furthermore, no.  One does -not- write down passwords; one
> commits them to memory.  Doing otherwise is a violation of a basic tenet of
> security.  There -is- no safe place.  A "safe place" for written passwords
> is as much a misnomer as the ficticious, fabled, and oft-mis-cited "trusted
> system".  As with the phoenix and unicorn, such creatures simply do not
> exist.
> 
> I refrain from comment on passwords as applies to processing tables or
> fP in general.  My only quibble is with the very concept of writing down
> passwords or passphrases.

I agree with Bob, JP, and Mark, though I'll note that these days, it's
reasonably secure to write down all your passwords into an encrypting
password safe on your {PDA,cellphone,PC}, as long as that password safe
is itself of a reasonable level of security (good enough encryption,
scrubs ram and swap, etc).

Memorize the passphrase (yes, you'd better be able to use a
pass*phrase*) that you key that to...

and write it on a piece of paper, fold it 3 times, seal it in an opaque
envelope, and put it in a desk drawer where you will see it every day
(sign across the flap).

Tell your wife, or office assistant.

The goal, of course, is that if you have the poor grace to get hit by a
bus, people may need to get into some of your stuff -- you just need to
*know* if it happens, should you still be alive, so that you can Take
Measures.

Can't happen to *you*?

Shyeah, right.

http://ftp.arl.mil/~mike/

I guess his "final form" comment is accurate.


Cheers,
-- jra
-- 
Jay R. Ashworth                                                jra at baylink.com
Designer                          Baylink                             RFC 2100
Ashworth & Associates        The Things I Think                        '87 e24
St Petersburg FL USA      http://baylink.pitas.com             +1 727 647 1274

	"You know: I'm a fan of photosynthesis as much as the next guy,
	but if God merely wanted us to smell the flowers, he wouldn't 
	have invented a 3GHz microprocessor and a 3D graphics board."
					-- Luke Girardi


More information about the Filepro-list mailing list