Need to Retain Encryption Keys
Michael Bacon
MBacon at snci.co.uk
Mon, 20 Mar 2000 09:42:01 -0000
Figures from the Help Desks of many companies show password resets
(resetting the access control passwords for users who have forgotten
their's) averaging 10 to 15% per month. The Security Manager of one large
American bank stated at a conference in London three years ago that
implementing a new system had _reduced_ their resets _to_ ten percent -
echoed by a US insured two years later. It is an important point.
Michael (Streaky) Bacon
____
~(____)>
" "
The views expressed herein are my own and
do not necessarily reflect those of my employer
> -----Original Message-----
> From: Alan Ramsbottom [mailto:ACR@als.co.uk]
> Sent: 19 March 2000 18:34
> To: 'ukcrypto@maillist.ox.ac.uk'
> Subject: RE: Need to Retain Encryption Keys
>
>
> > From: Caspar Bowden [mailto:cb@fipr.org]
>
> > That point was never answered, nor have we had any answer on
> > how in practice does the HO expect a defendant to show on balance
> > of prob. that they HAVE FORGOTTEN A KEY.
>
> For reference, I recall a Microsoft claim (on the Exchange
> site somewhere)
> that around 10% of users forget the passwords for their keys
> each year.
>
> A similar HO answer on key destruction would be handy.
>
> -Alan-
>