
Re: [Full-disclosure] guidelines for good password policy and maintenance / user centric identity with single passwords (or a small number at most over time)



James Longstreet wrote:

On Mar 26, 2006, at 12:12 PM, Anders B Jansson wrote:

And even then they fail if the actual user has a gun at his temple.

Frankly, this is true of just about any authentication scheme.

Exactly, so how far should you drive your requirements for an authentication 
scheme?

Pushing requirements too far will lead to weaker security and higher cost 
without any gain.

--
// hdw

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/