On mySimon: Holiday Gifts For Kids
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack 32 of 34:
Next »
« Previous
Passwords are broken, but you can't make them better with duct tape
The number one problem with passwords is that organizations spend so little time educating users on good password selection. This is in part because organizations aren't spending much time educating themselves on how to teach people good password practices. They just repeat the same advice they've been giving for 30 years and wonder why it doesn't work.

Once people are choosing good passwords they can work on providing people with tools and advice that make using passwords easier. If you require people to use 10 different passwords you better provide them with secure password management software or alternative. If you lock them out after 3 bad login attempts you better provide them with quick way to reset their password. If you tell them not to share their password you must make sure your normal business procedures don't require them to disregard the policy.

Alternatives to passwords can be great, but they aren't perfect -- nor expected to be perfect. I identified five characteristics that can be used to compare and contrast authenticators. If you want to learn more about them check out this link: http://www.passwordresearch.com/core.html

Bruce K. Marshall
Password Research Institute
Posted by: bkml@...   Posted on: 12/14/04 You are currently: a Guest | Members login | Terms of Use
Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

Any major change in corporate security methods  alterego_z | 12/09/04
The article should have been called 'MS says smart cards are the way' (NT)  Letophoro | 12/09/04
Smart cards? Think "ATM cards"...  Zogg | 12/09/04
Strong Passwords  rpmyers1 | 12/09/04
This is rich...  Yen_z | 12/09/04
Once Again Microsloth Tries To Rule The World  itanalyst | 12/09/04
Good post, bad title  rapson | 12/09/04
Like I said...  John L. Ries | 12/09/04
Humans will ALWAYS be the weakest link.  No_Ax_to_Grind | 12/09/04
Message has been deleted.  itanalyst | 12/09/04
Ah, looking for your first deleted message today?  No_Ax_to_Grind | 12/09/04
Like I Care If It Gets Deleted....  itanalyst | 12/09/04
I understand, no value to your posts.  No_Ax_to_Grind | 12/09/04
Cmon No_Ax, You Know Me Better Than That  itanalyst | 12/09/04
Doubtful  LinuxHippie | 12/09/04
No And No  itanalyst | 12/09/04
Message has been deleted.  No_Ax_to_Grind | 12/09/04
ROFLMAO  No_Ax_to_Grind | 12/09/04
I Guess So..LOL!!  itanalyst | 12/09/04
Cards can be lost, just implant the chip!  Sunny Jalolly | 12/09/04
Nice Idea....If You Want To Burn In Hell  itanalyst | 12/09/04
But, you don't believe in Hell.  No_Ax_to_Grind | 12/09/04
Sure I Believe In Hell  itanalyst | 12/09/04
Have some of you not even SEEN a smart card?  BigHeat | 12/09/04
Yes, and relacement costs went thru the roof  Sunny Jalolly | 12/09/04
Interesting - sounds like SecurID  Zogg | 12/10/04
"Smart card" is generic - SecureID is an example.  BigHeat | 12/10/04
Connection with Sun?  Roger Ramjet | 12/09/04
At last: we found the  michael-t | 12/09/04
Smart Card for a Dumb OS  jacarter3 | 12/09/04
Weak but realistic  gandreotti | 12/09/04
Passwords are broken, but you can't make them better with duct tape  bkml@... | 12/14/04
ms idea of secure passwords is passport  JasonL31 | 12/10/04
Why not pass phrases  MAButler | 01/28/05

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement
advertisement

SmartPlanet

Click Here