[Fwd: Re: Co-op Bank and Verified by Visa]
Brian L Johnson
brian at thejohnsons.co.uk
Mon Jun 22 16:47:39 BST 2009
Roland Perry <lists at internetpolicyagency.com> wrote:
> In article
> <C0BFE9BC4DE1C54E96C3901CD7A8F16E1D58BC05A2 at EXSAN02.campus.ncl.ac.uk>, C
> R Ritson <c.r.ritson at newcastle.ac.uk> writes
>>> I can memorise complex passwords that have to be entered in full, or
>>> use
>>> an encrypted vault; but passwords where I may have to enter the 1st,
>>> 4th
>>> and 7th characters have to be simple enough to count along while
>>> remembering them, or have to be written down where I can number the
>>> characters, all of which makes for poor conventional security.
>>
>> How about insisting on a pass PHRASE so that the dialog can ask for N
>> from M random words in the pass phrase? Has this been done anywhere?
>>
>> Chris Ritson (Computing Officer and School Safety Officer)
>
> That's in effect what happens for those banking/etc sites which have a
> number of shared secrets and ask you one or the other at random.
>
> (You don't have to tell the truth, or even give a coherent answer to
> questions like "your favourite colour". "Penzance" would work.)
The problem then arises (again) that you have to remember that your
favourite colour is Penzance, your first pet was a jellybaby and your
mother's maiden name is 2dot718283dot14159
--
-blj-
More information about the ukcrypto
mailing list