28 Jun 05:33
Re: [OpenID] OpenID and SSO
From: Anders Feder <lists.anders <at> feder.dk>
Subject: Re: [OpenID] OpenID and SSO
Newsgroups: gmane.comp.web.openid.general
Date: 2008-06-28 03:33:52 GMT
Subject: Re: [OpenID] OpenID and SSO
Newsgroups: gmane.comp.web.openid.general
Date: 2008-06-28 03:33:52 GMT
Well, 'policy' and 'practice' are two different things. fre, 27 06 2008 kl. 20:28 -0700, skrev SitG Admin: > >once you're inside you tend to have access to it all. > > As a matter of policy, the passwords that have the greatest need to > be secure ought to be more difficult to remember - they can't be > written down or frequently used (the latter nullifies this and the > latter weakens it). As a general principle, any password that > requires you to sit there for a few minutes just to figure out what > it was, has greater security. > > The same could apply to other areas. Take the physical token you > carry around with you all the time, versus the one that is locked up > in the vault at a local bank - someone mugs you for the everyday > token and doesn't get the ability to make any severe changes. > > -Shade > -- -- Anders Feder <lists.anders <at> feder.dk>
RSS Feed