Password resets

[Lyos Gemini Norezel]

Mike McGrath wrote:
> I discovered long ago there's no glory in what we do.  Gotta fight the
> good fight just because it's there.
>
>   

There's a truism I wish I'd never heard.


>
> It's not my idea of security, it's my idea of a task.  I just want some
> concrete thing that has a begining, middle, and end for people to do so we
> can prune accounts.  Logging in and typing your password a couple of time
> (and keeping it the same thing).  Doesn't sound like it's introducing or
> removing any holes.
>   

As I said before, it seems, that not everyone understood that. 
Most (apparently) thought the password had to be changed. 
That's what will introduce new holes that didn't exist before. 

I think the major portion of confusion here is the standards set by 
'free' email services, where a 'password reset' means selecting and 
entering a new password (this is also common in corporate settings).

I'm simply suggesting that it'll be easier/more secure to handle by way
of logging 'login times' than the way it is currently being handled.

It may well prove to be more work than was wanted... but more work is 
often better than a reduction in security.


> Sorry to hear you won't be discussing it further.
>
> 	-Mike
>   
Toshio has the majority of my arguments from our recent discussions.
I am willing to clear up confusion in my arguments, should they arise,
but I will not fight.

My mind (and body) simply cannot handle the stress of 
debating/arguing/fighting,
and seeing as this is the kind of discussion that can quickly run out of 
control, I am
simply stating my intention not to get involved in another fight.


Lyos Gemini Norezel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Lyos_GeminiNorezel.vcf
Type: text/x-vcard
Size: 428 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/infrastructure/attachments/20090311/b4f6db3c/attachment.vcf