[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[atlarge-discuss] VC: Thawte's WOT Part 3...

To: AtLarge Discuss List <atlarge-discuss@lists.fitug.de>
Subject: [atlarge-discuss] VC: Thawte's WOT Part 3...
From: Walter Schmidt <walts@dorsai.org>
Date: Fri, 25 Jul 2003 12:38:49 -0400 (EDT)
Cc: Walter Schmidt <walts@dorsai.org>
Delivered-to: mailing list atlarge-discuss@lists.fitug.de
List-help: <mailto:atlarge-discuss-help@lists.fitug.de>
List-post: <mailto:atlarge-discuss@lists.fitug.de>
List-subscribe: <mailto:atlarge-discuss-subscribe@lists.fitug.de>
List-unsubscribe: <mailto:atlarge-discuss-unsubscribe@lists.fitug.de>
Mailing-list: contact atlarge-discuss-help@lists.fitug.de; run by ezmlm

I've given them an email address, now they tell me about the password.
This has been customized by including two references to my national id
number...

 --- REgards, walts

Personal Certification Password Passwords.
Love to hate 'em. This whole page is devoted to the selection of a
password that you will use for your future interaction with Thawte and
this system. This is the most important page in the entire enrollment
process. Please read through this carefully, and make sure you understand
that we WILL NOT give out forgotten passwords by email.

About Your Password
Over time you will want to come back to this system to update, renew or
revoke certificates. If you install a new mail client, for example, you
will want to fetch a new certificate for it if you can't import your
existing certificate into it. To authenticate you we will require that you
know the password on this page.

If someone else steals your password
If someone has your password they have effectively destroyed any security
you gain from this system. They will be able to pass themselves off to
your colleagues as you, and worse, they will be able to digitally sign
documents with a certificate in your name. Loss of your password is
catastrophic for your security. Here's just a small sample of the bad
things that could happen if someone gets your password:

He will be able to forge digitally signed email from you, and you will be
liable in court for the consequences of that email.

If you use the Thawte Enterprise PKI or Strong Extranet then he will be
able to access any of your corporate resources. Your boss will be very
unimpressed.

He will be able to revoke any certificates you have requested, and request
new certificates in your name.

Please do not share your password with your boyfriend, girlfriend, spouse,
partner, colleague, friend or anyone else for that matter. This system is
ONLY useful for your own email and secure access to enterprise resources
in your own name. If someone else wants to use the system, it is FREE,
they must just enroll in their own name and be responsible for their own
password.

Password Retrieval
Thawte has built a system that will allow us to help customers who have
forgotten their password. On the next page we will gather a reliable
telephone number at which we can call you if necessary. We will also
gather a set of question/answer pairs which we will use to authenticate
you but it will be a big inconvenience for you. You can avoid this very
simply: by remembering your password!

If you FORGET your password

Your username for this system will look something like US-xxx-1. As you
can see it includes your national identity number. That means that you
CANNOT ENROLL AGAIN under a different username if you forget your
password.

This system works because there is one username and one password per user.
Your username will contain your identity number, so once you have enrolled
once you CANNOT simply enroll again if you forget your password. We are
not kidding. Losing your password will frustrate you. Why waste your time?
PLEASE make sure you don't forget your password. In short:

You will be unable to revoke or renew your certificates, or get additional
certificates for other purposes.

You will not be able to enroll in the system again because your identity
number has been used up.

Tips for a good password:

Your password should be between 6 and 20 characters long.

Your password is case sensitive, and should contain upper and lower case
letters and some digits. It should only include US-ASCII characters and
NOT nation-specific characters.

If you forget or lose your password you will not be able to update your
address information, revoke certificates, request additional certificates,
update your email information, or renew your certificates. You will not be
able to enroll again because (my national ID number) will have been
"used".

Please enter the password you wish to use. Please check that you don't
have CAPS LOCK on, then enter the password you want in each space below.



---------------------------------------------------------------------
To unsubscribe, e-mail: atlarge-discuss-unsubscribe@lists.fitug.de
For additional commands, e-mail: atlarge-discuss-help@lists.fitug.de

Prev by Date: [atlarge-discuss] VC: Thawte's WOT Part 2...
Next by Date: [atlarge-discuss] VC: Thawte's WOT Part ...
Previous by thread: [atlarge-discuss] VC: Thawte's WOT Part 2...
Next by thread: [atlarge-discuss] VC: Thawte's WOT Part ...
Index(es):
- Date
- Thread