[plug] ISPs Bizzpro

Christian christian at amnet.net.au
Sun Jan 28 10:28:53 WST 2001


On Sun, Jan 28, 2001 at 12:00:44AM +0800, The Thought Assassin wrote:
> On Sat, 27 Jan 2001, Christian wrote:
> > On Wed, Jan 24, 2001 at 09:01:00PM +1600, Ari Finander wrote:
> > > 1- What ISP makes you request a password through them?  I've never,
> > > ever, had to let someone else know my login password when setting it.
> > Any ISP that wants to make properly certain that their users won't
> > choose bad passwords.
> There is no real reason this policy can't be enforced by the passwd
> program, is there?

Well, there are programs that you're referring to that implement certain
checks but these are mostly easily fooled.  An easily guessable password
that looks like it meets minimal entropy requirements isn't that hard
for people to come up with left to their own devices.  Like I said, if
you want to "make properly certain" then you really have to do it by
hand unfortunately.

> > During my times as a client of several ISPs, I never liked this policy.
> > During my times as an administrator at several ISPs, it is a policy I
> > always tried to enforce.
> I guess if your customers are happy with it, then I guess that's fine. It
> isn't that much work to create a system that fulfils both needs, though.
> Also, not knowing the customers' passwords can reduce liability.

In the past my experience has been that the vast majority of customers
don't mind in the slightest.  The few that do are the few who would ask
for shell access so these are (hopefully) aware enough to choose
reasonable passwords.

I'm not sure about the claims of increased liability.  It would seem
logical to me that anyone who could steal passwords from a filing
cabinet could easily impersonate someone else numerous other much easier
ways as Matt has suggested.  It seems more than a little far-fetched to
me to suggest increased liability, especially since virtually all user
accounts are created by the administrator after being supplied with an
initial password that NEVER gets changed.  Of course, I am not a lawyer...
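
Added example, not part of the original message: a Python sketch of the point argued in this thread. It shows a passwd-style length and character-class rule accepting guessable passwords, next to a stricter check that strips decoration before comparing against a dictionary and the username. The wordlist, substitution table, sample passwords and function names are constructed for illustration.

```python
import re

# Constructed sample wordlist; a real check would load a large dictionary.
WORDLIST = {"password", "welcome", "summer", "dragon", "letmein"}

# Common character substitutions undone before the dictionary lookup.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def naive_ok(password):
    """Length plus character-class rule, the kind of check that is easily fooled."""
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return len(password) >= 8 and all(re.search(c, password) for c in classes)


def candidates(password):
    """Return normalised forms that a guessing attack effectively covers."""
    lowered = password.lower()
    # Drop leading/trailing digits and punctuation: "summer2001!" -> "summer".
    stripped = re.sub(r"^[^a-z]+|[^a-z]+$", "", lowered)
    forms = set()
    for form in (lowered, stripped):
        forms.add(form)
        forms.add(form.translate(LEET))
    return forms


def strict_reasons(password, username):
    """Return the reasons a password is rejected; an empty list means accepted."""
    reasons = []
    if not naive_ok(password):
        reasons.append("fails length/character-class rule")
    forms = candidates(password)
    if forms & WORDLIST:
        reasons.append("dictionary word with decoration")
    user = username.lower()
    if any(user in f or user[::-1] in f for f in forms):
        reasons.append("derived from username")
    return reasons


if __name__ == "__main__":
    # Constructed sample passwords; all four pass the naive rule.
    for pw, user in [("Password1!", "ari"), ("P@ssw0rd1!", "ari"),
                     ("Christian#2001", "christian"), ("vex-Quilt7_mbro", "ari")]:
        print(pw, naive_ok(pw), strict_reasons(pw, user))
```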


