Wednesday, January 18, 2012

Do You Really Need a Password You Can Barely Remember?

Robert McMillan, Wired, Jan. 12, 2012

From the article: "To researchers Cormac Herley and Paul C. van Oorschot, the computer industry’s non-stop campaign to force us to strengthen our passwords is misguided — demanding too much work from users for the benefits it delivers. In a new research paper, van Oorschot and Herley, a Microsoft researcher, say that IT pros often get things backward when it comes to instructing us on password security. That’s because password advice usually neglects the really scary and effective attacks. In other words, users get easy answers rather than the information they really need to hear."

A Research Agenda Acknowledging the Persistence of Passwords
Cormac Herley and Paul van Oorschot, Microsoft Research, 2012