so... the obvious solution (at least to me...) is to get rid of the need for a user to use the keyboard for entering the password.... so if i have a solution that allows the user to more or less know that the site that he/she is on is the correct site, as well as a process that allows the user to access/authenticate that he/she is indeed the actual user, then we might have something... if you're dealing with a browser/internet system, i'm of the opoinion that it's time we start thinking about geting rid of text based passwords... they're too cumbersome to be secure, and once you start dealing with more than a few sites.. who really goes through the trouble to generate and remember really secure passwords... -bruce -----Original Message----- From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx]On Behalf Of Matthew Miller Sent: Monday, June 06, 2005 8:43 AM To: For users of Fedora Core releases Subject: Re: how can you verify that the site you get is not a fake? On Mon, Jun 06, 2005 at 09:28:07AM -0600, Robin Laing wrote: > This is an interesting thought. When one bank that we used changed > from UNIX to Windows servers, the passwords became case insensitive > and would not accept some characters. We raised this with the bank > and they didn't seem to concerned. A bank I used switch systems and changed everyone's username to be six-letters-of-last-name+year-of-birth and set the passwords to last four digits of social security number. I called up and complained, but they didn't see a problem with this even after I explained very carefully. Needless to say, I switched banks. -- Matthew Miller mattdm@xxxxxxxxxx <http://www.mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/> Current office temperature: 80 degrees Fahrenheit. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
