On 1/5/2012 9:14 AM, Charles Marcus wrote:
On 2012-01-05 10:28 AM, Michael Orlitzky michael@orlitzky.com wrote:
On 01/05/12 06:26, Charles Marcus wrote:
You realize they're just walking around with a $400 post-it note with the password written on it, right?
Nope, you are wrong - as I have patiently explained before. They do not *need* to write their password down.
They have them written down on their phones. If someone gets a hold of the phone, he can just read the password off of it.
<sigh> No, they don't, your claim is baseless and without merit.
Most people have never even known what their password *is*, much less written it down, because as I said (more than once), *I* set up their email clients (workstations, home computers and phones) *for them*.
If the phone knows the password and I have the phone, then I have the password. Similarly, if I compromise the workstation that knows the password, then I also have the password.
Even if the user doesn't know the password, the phone/workstation does. And it has to be stored in a retrievable way.
That's what he's trying to say when he was talking about a "$400 post-it note."