[IRCServices] Re: [Andy Smith - IRCServices]

Strider strider at chatcircuit.com
Mon Mar 19 17:03:00 PST 2001 

You need to keep in mind that not every Tom Dick and Harry is the most
computer literate person in the world or knows about making good passwords.
Many people try to make passwords they can remember, like the name of their
dog, their address, etc etc. It is very bad practice, but there is no way to
just go out to the world and tell everyone their password is insecure, blah
blah blah. Am I not right? I do try to tell my users to use strong
passwords. Some do, some don't. You don't just abandone those who chose not
to, because that is the majority, whether we like it or not.

If any feel this is a big issue and want it fixed, I suggest making a logon
news, motd entry, and a web page for your irc server stating the fact you
want your users to make strong passwords. This will NOT force every single
user to do so, so don't be surprised if it doesn't even work.

Suggestion on a feature:
Allow services to make a randomly generated password. Perhaps /msg nickserv
register RANDOM email would do it rather than set it to random. Since the
services does reply to you with the password you entered, the user has a
chance to write down the password.

Beau (Strider) Steward
chatcircuit administrator and 6bit band member
strider at chatcircuit.com        www.chatcircuit.com
ircadmin at chatcircuit.com     irc.chatcircuit.com
strider at 6bit.net                    www.6bit.net
----- Original Message -----
From: "Andy Smith" <andy at strugglers.net>
To: <ircservices at ircservices.za.net>
Sent: Monday, March 19, 2001 8:20 AM
Subject: Re: [IRCServices] Re: [Andy Smith - IRCServices]


> On Sun, 18 Mar 2001 17:42:52 +0200, Partizanu <silvius at expres.ro> wrote:
>
> >Imagine this:
> >Some user, let`s say Guest007 come to you and say:
> >- Hello my dear services admin! I have a problem. User BadGuest stole my
password
> >and I want my nick back. Can you do something about this?
>
> In this situation, BadGuest was given the password by the user, or else
the
> user did something to allow BadGuest to easily guess it.  That is the
user's
> problem.
>
> The other slim possibility is that the IRC network itself has someone
> sniffing passwords on it.  That is a problem that needs to be solved, and
no
> part of services can solve it for you.
>
> The vast majority of "password stealing" incidents are down to users
sharing
> their passwords.
>
> --
> Andy Smith <andy at strugglers.net>
>
> -----------------------------------------------------------
> To unsubscribe, mail ircservices-request at ircservices.za.net
> with the word UNSUBSCRIBE in the subject of the mail.
> http://www.ircservices.za.net/mailman/listinfo/ircservices
>