Slashdot Mirror

← Back to Stories (view on slashdot.org)

Applying Pavlovian Psychology to Password Management

Posted by timothy on from the risk-versus-reward-baby dept.

Ars Technica reports on an interesting and sensible-sounding approach to password policy that I'd like to see adopted just about everywhere I have a password (which, these days, is quite a few). An excerpt: "For instance, a user who picks "test123@#" might be required to change the password in three days under the system proposed by Lance James, the head of the cyber intelligence group at Deloitte & Touche. The three-day limit is based on calculations showing it would take about 4.5 days to find the password using offline cracking techniques. Had the same user chosen "t3st123@##$x" (all passwords in this post don't include the beginning and ending quotation marks), the system wouldn't require a change for three months."

1 of 288 comments (clear)

  1. Re:A Revelation for all by CODiNE · · Score: 1, Troll

    YESSS!! Finally I'll be able to log into and post from the illustrious Anonymous Coward account!

    --
    Cwm, fjord-bank glyphs vext quiz