[IRCServices] Re: [Andy Smith - IRCServices]

Andy Smith andy at strugglers.net
Mon Mar 19 17:10:51 PST 2001


On Mon, 19 Mar 2001 09:04:48 -0600, "Strider" <strider at chatcircuit.com>
wrote:

>You need to keep in mind that not every Tom Dick and Harry is the most
>computer literate person in the world or knows about making good passwords.
>Many people try to make passwords they can remember, like the name of their
>dog, their address, etc etc. It is very bad practice, but there is no way to
>just go out to the world and tell everyone their password is insecure, blah
>blah blah. Am I not right? I do try to tell my users to use strong
>passwords. Some do, some don't. You don't just abandone those who chose not
>to, because that is the majority, whether we like it or not.

A far better suggestion rather than chasing around after people who have had
their password guessed, is to be more stringent about passwords that people
choose either on registration or on changing password - something similar to
the way most modern unices validate account passwords?

But do you REALLY see so many users who genuinely have had their password
guessed?  I do not, it is almost always because they have intentionally
shared their password with other people.

-- 
Andy Smith <andy at strugglers.net>