Our university changed its password policy. Generally, I think that requiring a totally new password every 6 months or even more frequently, with numbers and special marks, lowers the level of network security.
-I really think that in the next 12 months, most of the accounts could be hacked using the insignia of the user and the birthday of a girl- or boyfriend, or the other way around.
I'm sure that somebody still wants to make a good password. And now, when you cannot circulate even parts of those good memorable ones, there have to be places where all those good, new passwords are written down. -Typically, if you reach somebody's work desk, you should look under the keyboard.
But another interesting point is: how are the old unusable passwords being stored? Those have to be unencrypted, mustn't they? And who has access to analyse these? -The ways of constructing a typical password.
It's nice to be out of the engineering closet, to be able to see how a bulletproof system can be demolished by frustrated users. And the reason for the frustration is the system itself, designed for the system, not for the users.