I wrote: > Which is why, as Bruce Schneir recommends, you _write it down_.
Brad Rogers writes: > Yeah, on a Post-It note. Stuck to the monitor. That's what people do when you tell them not to write it down. _Tell_ them to write it down and tell them _how_. They keep their credit cards and cash safe: they can keep a little black book of passwords safe. Yes, it's a risk. It's a smaller one than the other choices, which are either memorable but weak passwords or strong ones that they will write down improperly no matter what they are told. If someone's little black book of passwords is lost or stolen, they will know it and will promptly change the passwords, most likely before the book falls into the hands of anyone who can actually use it. That is, if they were _authorized_ to create that book. If they weren't they won't want to admit having violated policy and so will say nothing and hope the passwords never get used. -- John Hasler -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]
