From owner-freebsd-security Sat Jan 13 15:36: 9 2001
Delivered-To: freebsd-security@freebsd.org
Received: from isr5429.urh.uiuc.edu (isr5429.urh.uiuc.edu [130.126.209.169]) by hub.freebsd.org (Postfix) with SMTP id 7FF7E37B400 for ; Sat, 13 Jan 2001 15:35:52 -0800 (PST)
Received: (qmail 40320 invoked by uid 1000); 13 Jan 2001 23:35:52 -0000
Received: from localhost (sendmail-bs@127.0.0.1) by localhost with SMTP; 13 Jan 2001 23:35:52 -0000
Date: Sat, 13 Jan 2001 17:35:51 -0600 (CST)
From: Frank Tobin
X-X-Sender:
To: Dru
Cc:
Subject: Re: opinions on password policies
In-Reply-To:
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

While this may not be applicable to your situation, I feel that the best policy is to demand public-key authentication. The reason for this is to limit the human factor, by not demanding that the user remember yet another unique password. If forced to remember another password, most users (including myself) will often re-use a password they use at another place.

If your system is compromised, you do not want to help the attackers, who are now likely to get into other accounts the user might have at other places because they reused the password. On the flip side, it would be best that if the user was compromised someplace else, it won't help the attackers use the authentication information to get into the victim's account on your system.

Public-key systems prevent this sort of "chain-reaction" account breakage.

-- 
Frank Tobin
http://www.uiuc.edu/~ftobin/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
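As an added illustration (not part of the post above, and not the author's own configuration), the following sshd_config fragment shows what "demand public-key authentication" looks like when the login service is OpenSSH's sshd, which the post does not name and is assumed here. The commented-out lines are the permissive settings that still allow password logins; the active lines below them refuse passwords and keyboard-interactive prompts so that a password reused elsewhere is useless against this host.

```sshconfig
# Assumption: the remote login service is OpenSSH sshd (/etc/ssh/sshd_config).
# Example configuration added as illustration; not from the original message.

# --- Permissive defaults that keep password logins reachable (shown for contrast) ---
#PasswordAuthentication yes
#ChallengeResponseAuthentication yes
#PermitRootLogin yes

# --- Hardened settings: only public-key authentication is accepted ---
# Refuse plain password logins; a password leaked or reused at another site
# no longer grants access here.
PasswordAuthentication no

# Refuse keyboard-interactive (PAM/S-Key style) prompts, which are another
# path for password-based logins. Newer OpenSSH also spells this
# KbdInteractiveAuthentication; keep both in sync if both are present.
ChallengeResponseAuthentication no

# Never accept an account with an empty password even if a later directive
# re-enables passwords by mistake.
PermitEmptyPasswords no

# Accept public-key authentication and require it explicitly, so a typo
# elsewhere cannot silently widen the accepted methods
# (AuthenticationMethods needs OpenSSH 6.2 or later).
PubkeyAuthentication yes
AuthenticationMethods publickey

# Root may log in only with a key, never with a password.
PermitRootLogin prohibit-password
```

After editing, check the effective values rather than the file text, since a later `Match` block or a second `PasswordAuthentication` line can override what you wrote: `sshd -t` validates the syntax, and `sshd -T | grep -i authentication` prints the settings the daemon will actually apply. Test a fresh connection from a second session before closing the one you are editing from, so an error cannot lock you out of the host.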