[Fwd: Re: Co-op Bank and Verified by Visa]
Ian Batten
igb at batten.eu.org
Sun Jun 21 22:55:17 BST 2009
On 21 Jun 2009, at 16:11, Roland Perry wrote:
> In article <4A3D2BB5.8080402 at ernest.net>, Nicholas Bohm <nbohm at ernest.net> writes
>> I can memorise complex passwords that have to be entered in full, or use
>> an encrypted vault; but passwords where I may have to enter the 1st, 4th
>> and 7th characters have to be simple enough to count along while
>> remembering them, or have to be written down where I can number the
>> characters, all of which makes for poor conventional security.
>
> I was asked recently for the "5th, 6th & 7th" characters of a
> password. If they'd said "the last three" (which it was) it would
> have avoided lots of counting on my fingers while reciting it in my
> head, as I worked out what they were.
And of course, one thing that the current system does is set a lower
bound on the length of the punter's passphrase. If you're engaged
in a social engineering attack and have a collection of possible
phrases they might be using, that may reduce the set quite
substantially.
ian