Path: utzoo!utgpu!watmath!clyde!att!osu-cis!tut.cis.ohio-state.edu!mailrus!uflorida!gatech!dcatla!holos0!lbr From: lbr@holos0.UUCP (Len Reed) Newsgroups: comp.unix.wizards Subject: Re: Here's a *BRILLIANT* password idea! (Sarcasm on) Message-ID: <1526@holos0.UUCP> Date: 30 Nov 88 15:04:31 GMT References: <438@amanue.UUCP> Organization: Holos Software, Atlanta, GA Lines: 26 From article <438@amanue.UUCP>, by jr@amanue.UUCP (Jim Rosenberg): = Well now, net folk, since we're talking about good and bad ideas for passwords, = how does this idea strike you. (1) Restrict all passwords to a *MAXIMUM* of = 4 characters. (2) *PROHIBIT* anything but digits from appearing in a password. = = Isn't this nifty? You're probably thinking I'm a nut case. = = Well surprise: This exact password system is ***IN USE***!!! In (are you = ready:) ***BANKS***!!! I am not kidding. Do you have an Automatic Teller = Machine card? What does your password look like? Every time I've been given = one of those things the password was just 4 digits!!!!!!! You have to have physical possession of the card, too, not just knowledge of the account number. The "password" merely stops someone from using the card between the time it is stolen and the theft is reported to and dealt with by the bank. It's a backup to the main security stategy-- possession of the card. Not exactly the same thing as a computer system with dial-in capability. The banks around here have a "three strikes and you're out" rule. If you put the card in and fail three times to get the password right the machine keeps the card. BTW, I do think you're a nut case. -- - Len Reed