Security Basics mailing list archives
Linking Password Length to Write-down probability
From: Stian Øvrevåge <sovrevage () gmail com>
Date: Thu, 26 May 2005 11:06:42 +0200
God morning list! I continually read papers which advertise increased password lenghts ( and outrageous complexity requirements ) as The Solution(TM). I work in a fairly large organization and I can safely acknowledge that even 8 character passwords with moderate complexity requirements are VERY prone to beeing written un-encrypted and un-hashed on Post-Its, and then safely contained, under the keyboard, or on the monitor. Which in my humble oppinion is bordering to "stupid security". I'm certain that there is a link between required password lenght and complexity and the probability of users taking the huge leap backwards and writing passwords down. I've been doing a little Googling, but I can't seem to find any scientific analytical/statistical research done on this particular subject. Is anyone out there aware of any works done in this field? If not, is there anyone intrested in conducting such a survey on the behalf of the community? Regards, Stian
Current thread:
- Linking Password Length to Write-down probability Stian Øvrevåge (May 26)
- RE: Linking Password Length to Write-down probability Ryan Platt (May 27)
- Re: Linking Password Length to Write-down probability Gonzalo Martinez (May 27)
- Re: Linking Password Length to Write-down probability Nick Owen (May 30)
- RE: Linking Password Length to Write-down probability Andrew Aris (May 31)
- Re: Linking Password Length to Write-down probability Nick Owen (May 30)
- RE: Linking Password Length to Write-down probability Miguel Dilaj (May 27)
- Re: Linking Password Length to Write-down probability Nick Owen (May 30)
- Re: Linking Password Length to Write-down probability Mihai Amarandei (May 30)
- <Possible follow-ups>
- Re: Linking Password Length to Write-down probability Doug . Janelle (May 27)
- Re: Linking Password Length to Write-down probability Dan Tesch (May 30)
- RE: Linking Password Length to Write-down probability Bob Kurth (May 27)
(Thread continues...)