|
|
|
They are enforcing it, but for new passwords only. If they told all 200,000 users (and that's only broadband) that they HAD to change ALL their passwords, support would go into meltdown, as would their systems I suspect.
It is still the user's responsibility to ensure they use secure passwords, PN have now allowed them to be more secure than before for those that want it and those that do change it.
|
|
|
|
To me that is just akin to putting 4 extra bolts on the front door and leaving the back door as it was.
If there is a need for complex passwords then enforce it. This just seems to be another Plusnet half-hearted attempt to solve a potential problem.
If a job's worth doing........
|
|
|
In reply to:
If they told all 200,000 users (and that's only broadband) that they HAD to change ALL their passwords, support would go into meltdown, as would their systems I suspect.
Is the reason frequently trotted out by PN and their supporters for not informing customers of a lot of things which directly affect them.
+++++++++++++++++++++++++++++++++++++++
"Nearly all men can stand adversity, but if you want to test a man's character, give him power."
Abraham Lincoln
16th president of US (1809 - 1865)
|
|
|
|
In reply to:
To me that is just akin to putting 4 extra bolts on the front door and leaving the back door as it was.
More like a joiner putting on the bolts, but the home owner not using them. Making the security available is Plusnet's responsibility. Enforcing it is the user's.
I fail to see any major security difference between a six character and an eight character password. Twelve or more is starting to get into the realms of acceptable (although 30+ is even better). On average, non-techie users will not care for passwords over the size of six characters. That's life. Plusnet could alienate customers by forcing long passwords that some consider overkill.
Like I say it's Plusnet's job to make the security available, but taking their customers by the hand will not be liked by many.
That's not to say they can't send occasional reminders (quarterly perhaps) regarding general password security. Over time users will learn the value of decent password length.
|
|
|
|
Indeed. I've slated PlusNet for plenty of things. But seriously, this is a long overdue and generally good move. We've been given something that has been asked for for a long time, it's being enforced for all password changes, but those who don't care are not having it shoved down their throats. It's all good IMHO.
|
|
|
I'm dreading the day we have a serious security problem like this on our software.. I'm sure it will happen.. We've had bugs in the past but I would hope we've fixed them before anyone else found them.. The fact is things like this happen.
This isn't trying to defend PN.. just putting into context.. It's easy to be on the 'exposer' end of things because you have to get it right just once.. it's harder to be on the system side of it as you need to get it right every single time.
I'm sure PN are banging heads at walls right now (perhaps it's the kick they needed).
seb
|
|
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
|
|
|
In reply to:
If they told all 200,000 users (and that's only broadband) that they HAD to change ALL their passwords, support would go into meltdown, as would their systems I suspect.
It's called Risk Assessment & Cost Benefit Analysis. Unfortunately it doesn't work with religions.. (the technical kind I'm referring to :-p)
seb
|
|
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
|
|
|
> To me that is just akin to putting 4 extra bolts on the front door and leaving the back door as it was.
It's more about putting the bolts on but not forcing the inhabitants to use them.. You'd have to give them health and safety training to understand how to open them in an emergency in the dark etc.. doing that on large scale is difficult.
I would hope PlusNet gradually increases it until everyone had updated.
seb
|
|
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
|
|
|
In reply to:
More like a joiner putting on the bolts, but the home owner not using them. Making the security available is Plusnet's responsibility. Enforcing it is the user's.
I wrote my previous post before I saw what you said.. honest
In reply to:
Plusnet could alienate customers by forcing long passwords that some consider overkill.
The users would just use long complex passwords which match on more sites.. leading to more compromises.. So many people ignore the effects of social impact of IT... you make life difficult and users simplify it.. you force long passwords they can't remember? they write them down or use the same one more often... you make them change it often? they'll write it down or use a predictable pattern.. you need to take the choice off the user like with one time passwords if the application is really important
seb
|
|
The author of the above post is a thinkbroadband staff member. It may not constitute an official statement on behalf of thinkbroadband.
|