Slashdot Mirror


Applying Pavlovian Psychology to Password Management

Ars Technica reports on an interesting and sensible-sounding approach to password policy that I'd like to see adopted just about everywhere I have a password (which, these days, is quite a few). An excerpt: "For instance, a user who picks 'test123@#' might be required to change the password in three days under the system proposed by Lance James, the head of the cyber intelligence group at Deloitte & Touche. The three-day limit is based on calculations showing it would take about 4.5 days to find the password using offline cracking techniques. Had the same user chosen 't3st123@##$x' (all passwords in this post don't include the beginning and ending quotation marks), the system wouldn't require a change for three months."

3 of 288 comments

  1. Why not? by msauve · Score: 5, Funny

    all passwords in this post don't include the beginning and ending quotation marks

    Include the quotes, and be even more secure!

    --
    "National Security is the chief cause of national insecurity." - Celine's First Law
  2. I just read an interesting story about Pavlov. by RevWaldo · Score: 5, Funny

    One day Pavlov walked into a bar and ordered a cognac. He was about to take a sip when the barkeep rang him up. He dropped his glass and shouted "Shit! I've got to feed the dogs!" and ran out.

  3. Re:Proliferation of two-factor means by BVis · Score: 3, Funny

    Only in the US is it considered normal for the receiver to pay for incoming messages and calls.

    Why do you hate America?

    --
    Never underestimate the power of stupid people in large groups.