

Password : a simple solution to a hard problem - loy22
http://loy22.blogspot.com/2011/05/passwords-simple-solution-to-hard.html

======
ynoclo
This could work if you are always forced to enter the full password to start a
login session. The "PIN" password's hash could be generated at that point and
held in protected memory (e.g. by a root process); it would go away on logout,
as well as after some small number of failed attempts.

As to whether it's a good idea, that's debatable: if you want to solve the
problem of being prompted for an admin password many times to perform tasks, a
better answer might be to prompt once and get some sort of authorization
ticket which allows the user to do a particular task without entering a
password until the ticket expires.
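A small model of what this comment sketches, as an added example that is not part of the thread or the linked post: the PIN hash is derived at login and held only for the session, it is wiped on logout or after a few failed attempts, and a successful check hands out a short-lived authorization ticket so the user is not re-prompted for every task. The ticket lifetime and failure limit are assumed values, and the in-process object stands in for the protected root-held memory the comment describes.

```python
import hashlib
import hmac
import os
import time


class SessionPin:
    """Session-scoped PIN cache (illustrative; limits below are assumptions)."""

    MAX_FAILURES = 3   # assumed: wipe the PIN after this many wrong attempts
    TICKET_TTL = 300   # assumed: seconds a successful check stays valid

    def __init__(self, pin: str, clock=time.monotonic):
        # Derive the PIN hash once, at the start of the login session.
        self._clock = clock
        self._salt = os.urandom(16)
        self._hash = self._derive(pin)
        self._failures = 0
        self._ticket_expiry = 0.0

    def _derive(self, pin: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, 100_000)

    @property
    def active(self) -> bool:
        return self._hash is not None

    def logout(self) -> None:
        # Discard the hash; a full password login is required to get a new one.
        self._hash = None
        self._ticket_expiry = 0.0

    def has_ticket(self) -> bool:
        return self.active and self._clock() < self._ticket_expiry

    def authorize(self, pin: str) -> bool:
        """Return True if a privileged task may proceed (valid ticket or correct PIN)."""
        if not self.active:
            return False
        if self.has_ticket():
            return True
        if hmac.compare_digest(self._derive(pin), self._hash):
            self._failures = 0
            self._ticket_expiry = self._clock() + self.TICKET_TTL
            return True
        self._failures += 1
        if self._failures >= self.MAX_FAILURES:
            self.logout()  # lockout: the session PIN is gone, not merely delayed
        return False
```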

~~~
loy22
Thanks for the feedback. Security and user experience are always a matter of
balance. I was seduced by the idea of having a strong password, but I think
the current implementations discourage it for regular use. From what I
understand, the only alternative under Ubuntu is to disable the prompts
altogether, which is really not recommendable. Windows 7 has a nice way to
handle it; I wonder if it is secure enough.

