On Thu, 2005-04-21 at 21:10, Joel wrote: > And extra points if it prevents use of passwords too close to the > previous password(s), Doesn't that require keeping a copy of the password in a form that can be decrypted? That seems much more dangerous than the chance of the next one being somewhat similar. > Why does the concept bug me? Why do I think that if it's machine > generated and easy to memorize it's going to be easy to brute force? If computers can't do things better than you would yourself, why are we bothering to use them? > Anyway, helping the user at least set a password other than the typical > "password" sort of password will be sort of an improvement, at least for > a little while. It's hard to reconcile this comment with the previous one that implied that the user would do a better job than pwgen... -- Les Mikesell les@xxxxxxxxxxxxxxxx
