Re: Passwords must be
how did that AC up there with the lecture get all those downvotes?
I suspect because people assume that it is impossible to harden email accounts to the point that the traditional dictionary attacks no longer work. Although I appreciate the cynicism (no, really, there's enough nonsense being sold so I don't mind the downvotes), it happens to be true - there are a LOT of things you can do to email to make it considerably safer without immediately encumbering yourself with certificate management and I have been using email in one form or another for some 30 years now.
When I started our development there was no money whatsoever - like Russians forced to become intelligent in using lower spec computers due to US embargoes, we were forced into being smart with what we had because we didn't have the luxury to buy anything. That's when it all got interesting, and is also the reason why I remain AC.
There will be more after the summer holidays, but let's just say that I have already seen some very basic things they have to change at whatever service that hosts parliament.uk.
Biting the hand that feeds IT
