List: gnupg-users
Subject: Re: A better way to think about passwords
From: "Robert J. Hansen" <rjh () sixdemonbag ! org>
Date: 2011-04-21 12:38:38
Message-ID: 9DCCF3BE-8F3C-4312-AF96-A28A5B99EDEF () sixdemonbag ! org
> In short: don't force a particular strategy on your users. Much
> better to explain to users the general problem, and then leave it up
> to them to pick a password.

Historically speaking, this has shown not to work. I'll try to dig up the HCI
references if people really want, but the gist of it is people don't want to have to
learn and understand: they just want to get their work done. The instant you make
compliance voluntary and education-based, the vast majority of users say "meh" and
choose "password" as their login credential.

The belief that security problems can be solved by educating users is a common one:
it is also a deluded one. It handwaves the very serious problem of most users not
wanting to be educated and being actively hostile to it. "Why do I have to learn all
this propellerheaded geek stuff? I just want to get my work done!"