1997-10-23 - Re: PGP 5.5 and the corporate environment

Header Data

From: Antonomasia <ant@notatla.demon.co.uk>
To: cypherpunks@ssz.com
Message Hash: 61ebf22e45345c482280ec20dd2022745df6cbe17ff56e63f348f9b4977d5c45
Message ID: <199710231922.UAA03157@notatla.demon.co.uk>
Reply To: N/A
UTC Datetime: 1997-10-23 20:40:08 UTC
Raw Date: Fri, 24 Oct 1997 04:40:08 +0800

Raw message

From: Antonomasia <ant@notatla.demon.co.uk>
Date: Fri, 24 Oct 1997 04:40:08 +0800
To: cypherpunks@ssz.com
Subject: Re: PGP 5.5 and the corporate environment
Message-ID: <199710231922.UAA03157@notatla.demon.co.uk>
MIME-Version: 1.0
Content-Type: text/plain



> Just a small aside.  Our help desk handles about 50 to 75
> "I forgot my password" requests per day.  This might be one
> small motivating factor why corporations desire an alternative
> method to recover encrypted files.

>From my experience I'm sure most of those are due to
daft password aging mechanisms.

    over-frequent compulsory changes

    forcing a change at no notice
    (password expired - think of a new one RIGHT NOW)

    forcing a new password on Fridays
    (Monday morning: I know my _old_ password!)

I have practically no trouble remembering numerous passphrases upwards
of 20 mixed chars if I use them semi-regularly and they don't change often.

Anyway, when I have forgotten a long passphrase it has only been
temporarily - a few days.   If your employee is reasonably confident
of decrypting his work within the week you're no worse off than if
he'd fluffed his cooking ("stand in boiling water" or something).


--
##############################################################
# Antonomasia   ant@notatla.demon.co.uk                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################






Thread