; TOT; Piggin passwords

Mothers inside leg is tricky on two counts, 2 legs are rarely equal, at her age the measurements vary from month to month. Course, if cremated this is a another problem!!

And it is perfectly possible for the fingerprint sensor to check if it?s a live finger, and not one on a corpse etc.

Not if it only falls back when the fingerprint sensor stops working.

Aha. OK. ;-)

Minis like PDP and PR1ME were often networked, perhaps onto JANET. I wonder if some of your passwords allowed access to accounts on other boxes on the network. That would certainly have been interesting!

Yep, ran them up to the max so you will have to pay it off.

Huh ?

These are the entry/exit barriers into the building - only passed once.

It was to a certain degree. Nothing to get excited about though.

use mhallifwwasjan and mhallifwwasfeb, etc.

Most only check for 'identical' password reuse and not 'similar'.

There's a virtual screwfix voucher for anyone who can guess the origin of the password (which I haven't used on any real system).

Owain

But it's not extra security. It's extra convenience.

No you don't, but if you did, so what? Both methods tell you that the length is eight or more, so there's no difference in the amount of information divulged. But there's a considerable difference in usability, because one method requires you to count and spell at the same time, and the other doesn't.

He'd have to test those anyway.

But I take your point about altering user behaviour, I just don't think that brute force is a polite way to do it. There are plenty of password systems which rank your password strength but leave the final choice up to you. To my mind those are far preferable to systems which force people to use passwords that they wouldn't otherwise use, and therefore might feel compelled to write down.

Not necessarily. One that presents a picture of all the character positions does. One that asks for three random character positions often won't - it might wan characters 1, 2 and 4 for example.

If you are going to use that technique, then put up a line of say 15 boxes every time, and highlight the cells you want. That way you give away less.

IME most people do "password" the first month. Then passwordjan16, passeordfeb16 next month and so on...

The second was designed by a sensible person. The first wasn't. I was assuming the second.

You're actually giving away *more* by indicating that the length doesn't exceed 15.

Here's what I suggested again, unsnipped:

--------------------------------------------------------------- Instead of presenting us with something like this, where ? represents an input field:

Enter the 1st, 4th, 5th and 8th characters: ? ? ? ?

they could present us with:

Enter the requested characters: ? - - ? ? - - ?

---------------------------------------------------------------

Turning the first into the second requires no knowledge of the length of the password. It's giving nothing away that wasn't there in the first place.

which means that millions of people have no sense.

Phone them back.

On the number on your credit card or bank statement

And tell them why you are doing it.

After first dialling someone else to make sure they have put the phone down their end.

That's so true. Many security systems are not fit for purpose partly because they take little account of that fact.

Really?