On Dec 20, 2019, at 6:43 AM, Sven Hartge <sven@svenhartge.de> wrote:
On 19.12.19 23:42, Coy Hile wrote:
Is it really industry standard that people store users' passwords in cleartext? It seems to be a requirement, but it is something that gives me pause, as to do so contravenes what are otherwise best practices.
We (my employer) uses a different password for everything related to network access, meaning mainling WiFi and VPN.
That works, but it pushes the complexity of password management onto the users. And users are dumb. i.e. *I* don't want to punish myself by having different passwords for different services. I can't remember them, it's a PITA to manage, and I have better things to do with my time. Since it's not worth my time, then I believe that other people shouldn't do it, either. For me, I just use client certificates everywhere. It's supported for EAP, and for all reasonable VPNs. Alan DeKok.