[Fwd: Re: Co-op Bank and Verified by Visa]
Roland Perry
lists at internetpolicyagency.com
Mon Jun 22 15:00:09 BST 2009
In article
<C0BFE9BC4DE1C54E96C3901CD7A8F16E1D58BC05A2 at EXSAN02.campus.ncl.ac.uk>, C
R Ritson <c.r.ritson at newcastle.ac.uk> writes
>>I can memorise complex passwords that have to be entered in full, or use
>>an encrypted vault; but passwords where I may have to enter the 1st, 4th
>>and 7th characters have to be simple enough to count along while
>>remembering them, or have to be written down where I can number the
>>characters, all of which makes for poor conventional security.
>
>How about insisting on a pass PHRASE so that the dialog can ask for N from M random words in the pass phrase? Has this been done anywhere?
>
>Chris Ritson (Computing Officer and School Safety Officer)
That's in effect what happens for those banking/etc sites which have a
number of shared secrets and ask you one or the other at random.
(You don't have to tell the truth, or even give a coherent answer to
questions like "your favourite colour". "Penzance" would work.)
--
Roland Perry
More information about the ukcrypto
mailing list