Date: Fri, 8 Apr 2016 07:00:03 +0200 From: Patrick Proniewski <patpro@...pro.net> To: passwords@...ts.openwall.com Subject: Re: Password creation policies On 08 avr. 2016, at 00:20, e@...tmx.net wrote: >> We also provide our staff with a self hosted password storage web application. > > ../.. > Besides that, trusting your password to a program raises some certain "identity issues": You do not authenticate yourself in this case, you authenticate a program. I do not want to allow a program potentially impersonate myself. In our particular case, the password safe can technically open some kind of sessions (rdp, ssh) on user's behalf but that's a very unpopular feature (web client...). Our goal here is to promote long and unique passwords by telling the user s/he is not forced to remember those pwd. It allows us to securely transmit passwords too (read only or read write delegation, or changing owners). patpro
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.