SoylentNews is people
SoylentNews
from the back-to-the-postit-under-the-keyboard dept.
An Ars Technica article entitled "Pavlovian password management" aims to change sloppy habits. Policy would reward or penalize people based on the passwords they pick.
For more than a decade, the virtues of strong passwords have been lost on most end users, despite frequent sermons from security experts and IT administrators over their importance in locking down accounts. Now, a consultant is proposing a system that provides rewards or penalties based on the passcode choices people make. For instance, a user who picks test123@# might be required to change the password in three days under the system proposed by Lance James, the head of the cyber intelligence group at Deloitte & Touche. The three-day limit is based on calculations showing it would take about 4.5 days to find the password using offline cracking techniques. Had the same user chosen t3st123@##$x , the system wouldn't require a change for three months.
(Score: 1) by LegendaryTeeth on Tuesday May 06 2014, @03:05PM
It's not so much that as that your security is only as strong as the weakest link in the chain. It's the same reason you need to save your passwords as salted hashes and not just plaintext. Sure, you do what you can to prevent anyone from stealing the database, but you need mitigate the damage in case they do.