Please Do Not Change Your Password
cxbrx writes "Mark Pothier's Boston Globe article, 'Please do not change your password,' covers a paper by Microsoft Researcher Cormac Herley, 'So Long, and No Thanks for the Externalities: the Rational Rejection of Security Advice by Users,' from the 2009 New Security Paradigms Workshop. Herley argues 'that user's rejection of the security advice they receive is entirely rational from an economic perspective.' Herley discusses 'password rules,' 'teaching users to recognize phishing sites by reading URLs,' and 'certificate errors.' Users obviously choose bad passwords, but does password aging actually help? There was some discussion on TechRepublic. I'm especially interested in hearing about studies about password aging."
The best password is: (Score:5, Funny)
hunter2
Totally in time. (Score:4, Funny)
"Change your passwords and be rooted." -- JIRA attackers.
Re:Please let me use the same password (Score:5, Funny)
Re:Please let me use the same password (Score:2, Funny)
Hey, I make more than double the minimum wage! Yeah, no more passwords for me!!!!
Oops. I'm salaried. Shit.
i need an example (Score:3, Funny)
Re:The best password is: (Score:5, Funny)
Re:Please let me use the same password (Score:5, Funny)
Am I mistaken?
Please provide me with your social security number, birthday and mailing address so that I may answer your question.
Re:Post-it Note passwords (Score:2, Funny)
Re:Password aging isn't in touch with the real wor (Score:4, Funny)
Username: TheFonz (Score:5, Funny)
Re:Password aging isn't in touch with the real wor (Score:4, Funny)
Then I remembered I'd messed the keys around to fuck with people who looked over my shoulder.
Re:Please fix your systems! (Score:5, Funny)
Better yet, change your password to "do you have a pen?" and then call your IT person to say that you've forgotten what your password is.
Re:Please let me use the same password (Score:3, Funny)
Re:Please let me use the same password (Score:3, Funny)
"(dramatic voice)
Welcome to the world of tomorrow!"
You forgot:
"Brought to you Today!"
Re:Please let me use the same password (Score:5, Funny)
Or ex-wife.
Complex and expiring passwords are a GOOD thing (Score:5, Funny)
The biggest problem with password security is user education.
USER. EDUCATION.
Forget WHY password complexity and expiring passwords are important; end-users don't care about that.
Educate end-users on how to make passwords that are complex and easy to remember. Such a thing IS possible. For example, teach users to pick a phrase or sentence and type that in, replacing all the instances of the letter E with the number 3 and capitalizing all vowels. All the user needs to remember is the phrase and the rules to make it complex. And the phrase can be something VERY easy to remember like "my daughter was born in march" which turns into "mydAught3rwAsbOrnInmArch". Maybe you leave the spaces in. Maybe you change A to 4 or L to 1. Whatever the user wants.
It produces a complex, easy to remember password.
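The phrase-and-rules scheme from the comment above, as an added example that is not part of the original thread: it applies the rules to the quoted phrase and compares what a character-class strength meter credits the result with against how many bits the rule choices themselves contribute. The function names and the 26/26/10/33 alphabet sizes are assumptions of this sketch; applying "capitalize all vowels" strictly also capitalises the u, which the comment's sample leaves lowercase.

```python
import math
from itertools import product

PHRASE = "my daughter was born in march"   # phrase quoted in the comment
VOWELS = "aeiou"

def mangle(phrase, subs, cap_vowels=True, keep_spaces=False):
    """Apply digit substitutions, then capitalise the vowels that remain."""
    out = []
    for ch in phrase.lower():
        if ch == " " and not keep_spaces:
            continue
        if ch in subs:
            out.append(subs[ch])
        elif cap_vowels and ch in VOWELS:
            out.append(ch.upper())
        else:
            out.append(ch)
    return "".join(out)

def rule_variants(phrase):
    """Distinct passwords one phrase yields across the comment's optional rules."""
    options = (("e", "3"), ("a", "4"), ("l", "1"))
    seen = set()
    for *flags, cap, spaces in product((False, True), repeat=5):
        subs = {k: v for on, (k, v) in zip(flags, options) if on}
        seen.add(mangle(phrase, subs, cap, spaces))
    return seen

def rule_bits(phrase):
    """Bits the rule choices add for someone who already guessed the phrase."""
    return math.log2(len(rule_variants(phrase)))

def charset_bits(password):
    """Estimate used by character-class meters: length * log2(alphabet size)."""
    pool = 26 * any(c.islower() for c in password)
    pool += 26 * any(c.isupper() for c in password)
    pool += 10 * any(c.isdigit() for c in password)
    pool += 33 * any(not c.isalnum() for c in password)
    return len(password) * math.log2(pool)

if __name__ == "__main__":
    pw = mangle(PHRASE, {"e": "3"})
    print(pw, f"meter estimate: {charset_bits(pw):.0f} bits")
    print(f"rules add {rule_bits(PHRASE):.0f} bits over the phrase itself")
```

The meter figure assumes every character is chosen independently, while the rule choices account for 4 bits here, so a password policy review should weigh how predictable the phrase is rather than the character classes in the result.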
Re:Password aging does *not* help (Score:1, Funny)
OK, but if you wanted a really strong password you wouldn't truncate the decimals.
Re:The best password is: (Score:3, Funny)
Oh great. Now that you've revealed your password, anybody will be able to post as Anonymous Coward.
On password aging... (Score:2, Funny)
Re:i need an example (Score:3, Funny)
My password is ********
Re:Post-it Note passwords (Score:4, Funny)
I used to work at a government facility that had really steep requirements:
"Passwords must be at least 15 characters long and be a combination of lowercase, uppercase, numerals, special characters, and at least one hieroglyph from the following languages: Aztec, Egyptian, or Mayan."
I would have written down my passwords but I can't draw that well. "Is this a stork, Anubis, or a hippo?"
They also had armed security guards wandering the halls. You had 3 chances to get the password right or they would send in the guards to blindfold you and take you away to be "liberated."
Re:The best password is: (Score:3, Funny)
For those of you who didn't know where the hunter2 joke was from, get off mah interwebs.
Hilarious (Score:2, Funny)
Re:ROFL (Score:1, Funny)
Depending on who you believe (in), the Pope might need the refresher.
Re:The best password is: (Score:3, Funny)
I get tired of changing passwords because I tend to forget the new one. I'd rather just keep it. For crucial things like banking or stocks, then I'll use a separate unique PASS and then lock it in a safe for future referral.
I know.