Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #67503

Re: Password validation security issue

References (4 earlier) <letdt5$1g3$1@ger.gmane.org> <CAPTjJmra0AjHYjk3G+2mSgsewpX0qcmcKpQtqnebHXsQfT2YqQ@mail.gmail.com> <mailman.7592.1393788339.18130.python-list@python.org> <roy-5B94F1.15010902032014@news.panix.com> <5313d7fe$0$29985$c3e8da3$5496439d@news.astraweb.com>
From Ian Kelly <ian.g.kelly@gmail.com>
Date 2014-03-02 18:52 -0700
Subject Re: Password validation security issue
Newsgroups comp.lang.python
Message-ID <mailman.7618.1393814245.18130.python-list@python.org> (permalink)

Show all headers | View raw

On Sun, Mar 2, 2014 at 6:16 PM, Steven D'Aprano
<steve+comp.lang.python@pearwood.info> wrote:
> People have managed physical keys for *centuries*. Yes, there are a class
> of threats where you lose your key, or someone steals it, or makes a
> copy, but the risks are well-understood and can be managed even by your
> grandmother. We have good solutions for those problems that work well,
> and many of them apply just as well to sticky notes with secure passwords
> written on them.

I don't know how well the analogy holds up.  People protect their
keys, because a) if they lose them, they can't get into their house or
business, and b) if they're stolen, somebody else could gain access
and steal expensive items from them.  People are less likely to
protect their sticky notes, because a) nobody is going to steal a
piece of paper, and b) if it does go missing, the IT guy is just one
phone call away, and c) who would want to break into my desktop
anyway? I don't have any trade secrets in there.

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

Password validation security issue Renato <rvernucio@gmail.com> - 2014-03-01 09:49 -0800
  Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 05:11 +1100
  Re: Password validation security issue Christian Heimes <christian@python.org> - 2014-03-01 19:31 +0100
  Re: Password validation security issue Tim Chase <python.list@tim.thechases.com> - 2014-03-01 12:38 -0600
  Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 05:43 +1100
  Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 05:45 +1100
  Re: Password validation security issue Christian Heimes <christian@python.org> - 2014-03-01 20:54 +0100
    Re: Password validation security issue Roy Smith <roy@panix.com> - 2014-03-01 15:25 -0500
      Re: Password validation security issue Christian Heimes <christian@python.org> - 2014-03-01 23:07 +0100
      Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 09:13 +1100
  Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-02 07:11 +1100
  Re: Password validation security issue Christian Heimes <christian@python.org> - 2014-03-02 20:25 +0100
    Re: Password validation security issue Roy Smith <roy@panix.com> - 2014-03-02 15:01 -0500
      Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-03 07:32 +1100
      Re: Password validation security issue Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-03-03 01:16 +0000
        Re: Password validation security issue Ian Kelly <ian.g.kelly@gmail.com> - 2014-03-02 18:52 -0700
          Re: Password validation security issue Steven D'Aprano <steve@pearwood.info> - 2014-03-03 04:38 +0000
            Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-03 16:44 +1100
            Re: Password validation security issue Ian Kelly <ian.g.kelly@gmail.com> - 2014-03-02 23:50 -0700
        Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-03 13:56 +1100
          Re: Password validation security issue Roy Smith <roy@panix.com> - 2014-03-03 08:41 -0500
            Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-04 00:55 +1100
              Re: Password validation security issue Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-03-03 16:46 +0000
                Re: Password validation security issue Chris Angelico <rosuav@gmail.com> - 2014-03-04 05:46 +1100
            Re: Password validation security issue MRAB <python@mrabarnett.plus.com> - 2014-03-03 16:29 +0000
            Re: Password validation security issue Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-03-03 17:41 +0000
  Re: Password validation security issue Renato <rvernucio@gmail.com> - 2014-03-02 15:10 -0800
    Re: Password validation security issue Ian Kelly <ian.g.kelly@gmail.com> - 2014-03-02 18:49 -0700
    Re: Password validation security issue Steven D'Aprano <steve+comp.lang.python@pearwood.info> - 2014-03-03 02:30 +0000

csiph-web