Ofcom Do Security
dom at earth.li
Sun Aug 8 10:01:42 BST 2010
On Sat, Aug 07, 2010 at 06:55:40PM +0100, Dave Howe wrote:
> Brian Gladman wrote:
> > I REALLY loathe sites that enforce their own ideas on what should be in
> > passwords.
> I find the ones that enforce rules on recovery password answers even
> more annoying.
> "wife's maiden name" - I have seen it complain it doesn't like a
> character (it has a - in it) or is too short/too long.
Since password recovery phrases only serve to diminish the security of
the overall account, if I'm forced to use them I'll just pick a random
string rather than a piece of information which is, in principle at
least, a matter of public record. I then store my made-up answer in a
trusted secrets store, of course.
You do get all sorts of bizarre combinations on web sites though.
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)