Earlier today, I found myself needing to look up some old records from my undergrad institution. Normally that's fairly standard, but it required resetting my (years-past) password first.
In the process, I discovered they'd implemented some fairly hefty requirements: 8-14 characters, mixed case, with non-alphanumeric characters, changed every 6 months, is now the bare minimum for security. And you can't just push a button to get records reset; an in-person visit with photo ID (or at least a faxed copy) is essential.
At first glance, that sounds pretty impressive. So I called the help desk.
"Oh, hey, we can do that over the phone! I just need your social security number to confirm your record!"
...Proving, once again, that no system is stronger than its weakest link. Or have I just been reading too much Schneier again?