--- On Mon, 11/29/10, McKown, John <[email protected]> wrote:
From: McKown, John <[email protected]> Subject: Re: A New Threat for password hacking To: [email protected] Date: Monday, November 29, 2010, 9:57 AM Each to his own. I prefer "the human touch" on password resets. But I'm an old paranoid <grin>. In my arrogance, somebody who cannot remember their RACF password likely can't remember their own name, either. A passphrase may be more difficult. But 8 stupid characters, max? Sure, it could be forgotten early on. And after a vacation. But we've had literally 8 or 10 password reset requests in a row from some of our off-shore users. Personally, I think they violate our standards and are sharing ids. But I can't prove it. John McKown Systems Engineer IV IT Administrative Services Group HealthMarkets(r) 9151 Boulevard 26 * N. Richland Hills * TX 76010 (817) 255-3225 phone * [email protected] * www.HealthMarkets.com John:A couple of sites I use on the internet now use phrase checking. What I have found is that they are inconsistant in checking the response which makes it really confusing. Example: Birth City:Some sites insist on capital letters eg New Yorkwhile some sites do not care if one types: new york I do not know if it is on purpose that it matters or what.I certianly hope IBM does not care. Ed ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
