List:General Discussion« Previous MessageNext Message »
From:Jørn Dahl-Stamnes Date:January 20 2010 12:08pm
Subject:Re: Record old passwords ?
View as plain text  
On Wednesday 20 January 2010 01:10, Daevid Vincent wrote:
> > -----Original Message-----
> > From: John Meyer [mailto:john.l.meyer@stripped]
> > Sent: Monday, January 18, 2010 5:04 PM
> > To: colin@stripped; mysql@stripped
> > Subject: Re: Record old passwords ?
> >
> > Although, on an OT, forcing people to not use a password that they
> > have recently used is a bad idea.  What they eventually do is go with
> > something like "hometown01" "hometown02", etc.  Or worse, they start
> > writing down their passwords which is a whole other security problem.
>
> Amen to that. At my work, they require a password change every month, but
> they store the last 6 passwords you used, so I do exactly what you say -- I
> have a logbook and store the same 6 passwords in it and just cycle them.
> Other "tricks" I do, is use a pattern on the keyboard and just shift it.
> None of this is secure, and I totally know it (although I'm not picking
> "secret" or something as my PW, it's random letters/numbers/symbols). But I
> hate the policy and I'm kind of a rebel like that. ;-p

Several years ago I worked at a place where users had to change their windows 
password every N month and they kept a long history log of used password.

My solution to this was to write a program that asked me for my current 
password and how many previous used password the system remembered. The 
program worked like this:

for (n = 0; no_of_stored_password > n; n++) {
  set_password(random_generated_password);
  do_a_short_sleep();
}
set_password(original_password);

... and the problem was solved :)

-- 
Jørn Dahl-Stamnes
homepage: http://www.dahl-stamnes.net/dahls/
Thread
Record old passwords ?Tompkins Neil18 Jan
  • Re: Record old passwords ?SH18 Jan
  • Re: Record old passwords ?Carsten Pedersen18 Jan
  • Re: Record old passwords ?Colin Streicher19 Jan
    • Re: Record old passwords ?John Meyer19 Jan
      • RE: Record old passwords ?Daevid Vincent20 Jan
        • Re: Record old passwords ?Jørn Dahl-Stamnes20 Jan
          • Re: Record old passwords ?Tompkins Neil22 Jan
            • Re: Record old passwords ?Suresh Kuna27 Jan
    • Re: Record old passwords ?Carlos Proal19 Jan
      • Re: Record old passwords ?Tompkins Neil19 Jan
        • Re: Record old passwords ?Tompkins Neil19 Jan
          • Re: Record old passwords ?Mark Goodge19 Jan
            • Re: Record old passwords ?John Meyer21 Jan
              • RE: Record old passwords ?Jerry Schwartz21 Jan
          • Re: Record old passwords ?Lucio Chiappetti21 Jan
            • Re: Record old passwords ?Mark Goodge21 Jan
        • Re: Record old passwords ?Mark Goodge19 Jan
Re: Record old passwords ?Tompkins Neil19 Jan