
List:       gnupg-users
Subject:    Re: A better way to think about passwords
From:       "Robert J. Hansen" <rjh () sixdemonbag ! org>
Date:       2011-04-21 12:38:38
Message-ID: 9DCCF3BE-8F3C-4312-AF96-A28A5B99EDEF () sixdemonbag ! org

> In short: don't force a particular strategy on your users.  Much
> better to explain to users the general problem, and then leave it up
> to them to pick a password.

Historically speaking, this has been shown not to work.  I'll try to dig
up the HCI references if people really want, but the gist of it is people
don't want to have to learn and understand: they just want to get their
work done.  The instant you make compliance voluntary and education-based,
the vast majority of users say "meh" and choose "password" as their login
credential.

The belief that security problems can be solved by educating users is a
common one: it is also a deluded one.  It handwaves the very serious
problem of most users not wanting to be educated and being actively
hostile to it.  "Why do I have to learn all this propellerheaded geek
stuff?  I just want to get my work done!"



