Amazon PayPhrase wasn't a good system for them to study.
By default, Amazon PayPhrase recommends a random pairing of two words. I bet that most users didn't bother changing their recommended passphrase. It also affected user behavior: users are more inclined to pick two-word pairings or other super simple passphrases if that's what's presented to them initially. Amazon PayPhrase also discourages users from making traditional non-dictionary passwords, which is very different from most other password systems. This, along with the fact that no two passphrases are allowed to be the same, makes their passphrases highly predictable.
I think this study says more about user behavior in regards to using the Amazon PayPhrase system than it does about multi-word password security in general.
I don't agree with a blanket 50% policy on failing grades, but I think teachers should give students incentives to perform better. Rather than adding to the imbalance that is the grading system, why not invite teachers to motivate students to learn the material? Grade replacements, dropping the lowest grade, and extra credit are all better alternatives than capping the failure ratio and letting students slip by with a mediocre education.
Speaking of mediocre education, I wonder if the school is suffering from a low graduation rate and is using this as a solution to the problem.
Getting a mysterious popup on some random website while you're web surfing is one thing, but these students were specifically asked by researchers to check out these websites.
Why would a student assume that the researcher has pointed them to a harmful website? And because they were told to "watch the sites load," wouldn't at least some of them assume the popups were part of the process? Also, why would a student care if a university computer were infected with malware?
This study doesn't tell me that "most users are idiots." It tells me that most college students follow directions. I think the study would have been better if the users had found these sites without being prompted and if their own computers were at risk.
Oh, MT's open source now? That's nice. I would have cared a few years ago.
MT's commercial licenses are one of the big reasons why WordPress became so popular. WordPress has been in heavy development in the past year. Just last summer, a new version of WordPress was released every two weeks or so. It's no wonder why WP's user base has gotten so big.
WP is standards-compliant, has a lot of plugins for me to play with, and gets updated so much that it's getting a little annoying. Unless any of that changes, I've got no reason to switch.
Why didn't Microsoft just fix the problem instead of adding a user confirmation prompt? Why is it important for IE to allow websites to get clipboard data from users?
That's a screwy way of fixing a security defect, if you ask me.
"It would be run by people who, through fertility treatments and frozen human eggs and sperm, could serve as a new Adam and Eve in addition to their role as a new Noah."
What we're talking about here are stored DNA samples, frozen or otherwise preserved in some type of bank, waiting for a living being to use these samples. If no one were alive to use those samples, they'd really be useless.
They'll stay frozen, and they'll stay unused until a living being with the right technology and resources is able to use them. What are the chances of that happening?
This isn't science fiction here. Some more thought needs to be put into this "Life After Earth" topic.
If a catastrophic event occurs that wipes out the human race, how are DNA samples going to restore humanity? It's not like we have the technology to start popping out species with just a sample of old DNA. And if we did, a doomsday disaster most likely wouldn't spare that technology.
Unless those DNA samples can build themselves, it's not very useful for a post-doomsday world.
CSS has done a lot of good for the World Wide Web, despite the flaws in its implementation and design.
It's true that many webpages using CSS look different across web browsers. But things are certainly a lot better than they were a decade ago, when all we had was HTML and pages telling us "Best Viewed in Internet Explorer!" or "Best Viewed in Netscape." Today, websites are better formed, using CSS and a better defined HTML. They can be readable, customizable, and even versatile, when the right technologies are used (e.g., RSS).
But the Web isn't as simple as an operating system running applications specifically made for it. It's all about the acceptance of standards and implementing those standards across all platforms and media. Dvorak may not believe it, but we've come a long way in webpage development, and modern implementations of the Web's technologies are much better than they were ten years ago.
CSS isn't perfect, but it's done a good job of improving the Web, and it deserves a heck of a lot more credit than Dvorak believes.
I don't know what made Jakob Nielsen such a "guru," but all I ever hear from him is outdated advice or advice that suggests that we should jump back several years or so in technology. From what I've read about him, he believes that the world isn't ready for the majority of the technology that we use on the Internet.
He still believes that "most users have access speeds on the order of 28.8 kbps," which he uses as one of his excuses for having a graphic-free and ill-designed website. It seems to me that his website is proof enough that this guy isn't an expert on design and usability.
If you ask me, I think any site that requires the author to explain why he uses arrows instead of colons is a poorly designed website.
Google, Yahoo, Slashdot, and just about the rest of the Web understand that aesthetics and special features matter, and designing for a 28.8k demographic isn't going to help anyone. If we all listened to this Nielsen guy, we wouldn't have technologies like AJAX and Flash enhancing our online experience.
His view on RSS feeds and blogging implies that the majority of the world can't keep up with the times. So while 10-year-olds are owning cellphones and posting about their lives on LiveJournal, the rest of society isn't capable of learning how to use RSS feeds and blogs? It may take time for the general public to get used to something like RSS feeds, but that doesn't mean we shouldn't use it.