Subject Re: draft charge, refeds working group on assurance
From "RL 'Bob' Morgan" <rlmorgan@xxxxxxxxxxxxxx>
Date Tue, 5 Jul 2011 01:15:08 -0700 (PDT)

[subject line changed ... 8^)]

I was thinking about less obvious reasons for #fail such as the requirement to limit online dictionary attacks against your users credentials. Not quite so easy once you start to get into the details of it.

Indeed. And the big services, Google at least, claim they do a much bettr job of this than orgs like ours ever could, since they can invest huge resources in monitoring, behavior tracking, etc.

 - RL "Bob"