
Re: Password resets

Mike McGrath wrote:
On Wed, 11 Mar 2009, Lyos Gemini Norezel wrote:

Mike McGrath wrote:
I think we shouldn't go too far out of our way for people that can't
follow directions.  Harsh?  Yes, but what we asked of people was
incredibly trivial.  I'd be fine with asking people to log in but I'd
think we'll find lots of people find that confusing.  Logging in and
setting your password is a task that has a clear beginning and end.  I can
see people logging in expecting to see further directions and then asking
"now what"?

Why tell them at all? If you change it to 'activity shown on account' (which,

NSHO?  who are you?


I did not really wish to reveal this, in public, however, since you asked...

I'm a former blackhat hacker, whom the government has banned from working ANY security and/or government job.

Suffice it to say, I understand security (or lack thereof) better than most, though I may be rusty/out of date in some areas.

I do not tell you this to brag, I actually regret my past more and more as I get older.
My 'prior life' has bought me more pain than glory.

the proper way)... the only reason for having people login will be immediately
obvious via
a properly worded email (ie., "Due to inactivity on your FAS account, your
account will be
terminated in 1 month, unless the following steps are taken...").

The only common point of entry for all of our services is the account
system and people rarely use it without being asked to so we'll still have
to do some emailing.

Aren't pkgdb, koji, bodhi and other services all a part of FAS?
If I'm right here... then I suspect people are logging into FAS more often than you believe.

We've just got so much else to do I'd hate to spend a lot of time and
effort to please a few people that can't spend less than a minute a year
(15 seconds every 2 months) to log in and type their password a couple of
times and the people that complained couldn't do that.

Many fail to realize that the same password they used before could be used
Hence the complaints.

Ehh, no.  Almost no one has complained that they actually had to change
their password to something else.  And you can be damn sure I'll spell
that out explicitly in the next email so everyone gets it.


As Toshio has already brought up on this list (after I brought it to his attention)... people have a tendency to select progressively weaker passwords every time they are forced to change one.

So your idea of 'security' is actually INTRODUCING more holes than it's plugging.

This is where my contribution to this argument ends.

I am not interested in fighting and the raised blood pressure that goes with it.

I have enough stress in my life... I am not about to add another debate/argument to that list.

Take my advice or don't... just don't expect me to do anything other than laugh and say 'told ya so',
when I prove correct.

Good luck (despite my 'tone' above, I mean that),

Lyos Gemini Norezel
