Network Security Security-Basics

Re: Linking Password Length to Write-down probability

Subject: Re: Linking Password Length to Write-down probability
Date: Fri, 27 May 2005 17:00:42 -0400
I think the problem with writing them down is where you put them. Most
people would tend to put them under their mousepad.  I have read that
Bruce Schneier recommends putting it in your wallet.  That's ok, as long
as you don't write down your banking password, keep it next to your ATM
card and lose your wallet ;).

Nick

Gonzalo Martinez wrote:
Hi Stian

A few days ago I read a post at Slashdot:

"Microsoft's senior program manager for security policy, Jesper
Johansson, presents a provocative but interesting view on password
policy: He claims that prohibiting users from writing down their
passwords is bad for security. His main point is that if users are
prohibited from writing down their passwords, they will use the same
easy to guess password everywhere." From the article: "Since not all
systems allow good passwords, I am going to pick a really crappy one,
use it everywhere and never change it...If I write them down and then
protect the piece of paper--or whatever it is I wrote them down
on--there is nothing wrong with that. That allows us to remember more
passwords and better passwords."
http://it.slashdot.org/article.pl?sid=05/05/24/2047228&tid=172

IMHO as a good BOFH you _MUST_ require that all employees use an
alphanumeric password (8 or 10 chars minimum)... if they don't, their
emails, files, or anything else can be redirected to /dev/null ;)
No, seriously, I never heard of a "scientific analytical/statistical
research" about this subject.
But take a look at the post on Slashdot.

good bye


-- 

Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor
