Karl MacMillan wrote:
Generating passwords requires that the password be communicated to the admin in the clear which introduces shoulder surfers and screen scrapers to the threat model. In addition the password is not likely to be memorable enough to not be written down somewhere, and so further exposing it to risk of compromise.On Thu, 2007-09-06 at 14:27 -0700, Kevin McCarthy wrote:After some feedback from Bob and Pete, I'm removing the password generator and adding a confirm password field. (Just commented out for now in case people change their mind)What was the rationale for this?
Description: S/MIME Cryptographic Signature