West Lothian and email
ukcrypto@chiark.greenend.org.uk
ukcrypto at chiark.greenend.org.uk
Thu, 15 Jan 2009 19:13:35 +0000
Quoting David Hansen <davidh@spidacom.co.uk>:
> In
> a while they may have to look at passphrases, though it is easy to
> defeat the aim of securing things by making these so impractical that
> people write it on a piece of paper or whatever.
Writing passphrases down on bits of paper is fine. So long as that
bit of paper isn't then stuck to the monitor, or wrapped around the
disc, but is treated as the valuable bit of paper it is.
There's probably some research showing that written passphrases are
remembered more easily than forced-strong passwords. Or that people
find it trivial to turn a forced strong password into something weak.
Turns out the local MH trust have laptops encrypted with MacAffee
endpoint encryption, with strict protocols about not logging in with
someone else's password. (Which was understood and obeyed from the
tiny bit I saw.) So, thaat's a re-assuring bit of information.