SoylentNews

AnonTechie [soylentnews.org] writes:

"Pavlovian password management" aims to change sloppy habits. Policy would reward or penalize people based on the passwords they pick.

For more than a decade, the virtues of strong passwords have been lost on most end users, despite frequent sermons from security experts and IT administrators over their importance in locking down accounts. Now, a consultant is proposing a system that provides rewards or penalties based on the passcode choices people make. For instance, a user who picks test123@# might be required to change the password in three days under the system proposed by Lance James, the head of the cyber intelligence group at Deloitte & Touche. The three-day limit is based on calculations showing it would take about 4.5 days to find the password using offline cracking techniques. Had the same user chosen t3st123@##$x , the system wouldn't require a change for three months.

http://arstechnica.com/security/2014/05/pavlovian- password-management-aims-to-change-sloppy-habits/ [arstechnica.com]

https://securityledger.com/2014/05/is-pavlovian-pa ssword-management-the-answer/ [securityledger.com]

---

Original Submission