gdm Create User
Alan Cox
alan at redhat.com
Sun Oct 7 22:20:42 UTC 2007
On Sun, Oct 07, 2007 at 06:41:25PM +0200, Lubomir Kundrak wrote:
> Would the system, where an user would have to know ten passwords and
> five usernames be more secure than one, where account is protected just
> with the password? If yes, why don't we do that now?
I'm sort of scared anybody in a security team would even ask that question
as is.
A system with one common password if the password is good should reduce
the changes of a user forgetting it and the human tendancies to do dumb
things (although there are good arguments that writing it down isn't actually
that dumb in the general case)
Multiple login/password sets means a breach of one system does not trigger
a breach of another. This is why your credit card number isn't a good password
for the local irc server or MUD.
Alan
More information about the fedora-devel-list
mailing list