Forgot your password?

Applying Pavlovian Psychology to Password Management 288

Posted by timothy
from the risk-versus-reward-baby dept.
Ars Technica reports on an interesting and sensible-sounding approach to password policy that I'd like to see adopted just about everywhere I have a password (which, these days, is quite a few). An excerpt: "For instance, a user who picks "test123@#" might be required to change the password in three days under the system proposed by Lance James, the head of the cyber intelligence group at Deloitte & Touche. The three-day limit is based on calculations showing it would take about 4.5 days to find the password using offline cracking techniques. Had the same user chosen "t3st123@##$x" (all passwords in this post don't include the beginning and ending quotation marks), the system wouldn't require a change for three months."
This discussion has been archived. No new comments can be posted.

Applying Pavlovian Psychology to Password Management

Comments Filter:

To the systems programmer, users and applications serve only to provide a test load.