Educause Security Discussion mailing list archives
Re: Are users right in rejecting security advice?
From: Eric Case <ecase () EMAIL ARIZONA EDU>
Date: Wed, 17 Mar 2010 13:41:52 -0700
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Jansen, Morgan R. Sent: Wednesday, March 17, 2010 12:58 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Are users right in rejecting security advice? This is such an interesting discussion! I agree that security must be tailored for the institution. Relating the reasoning to the user base and giving them training is key. My husband works with me and hated when we implemented more restrictive password policies. I have found that when people understand why they are more restrictive and are given some tips on how to remember their passwords they are more agreeable.
<rant> I do not mean to offend anyone, but is that mindset the reason that users reject security advice? "The new password policy is more restrictive" vs. "the new password policy is simple; longer is better" (or whatever). When are we going to stop saying password and start saying passphrase? Long and 'simple' bets short and 'complex' everyday. Has everyone seen Pafwert http://xato.net/bl/2007/01/30/pafwert-smarter-passwords? </rant> -Eric Eric Case, CISSP eric (at) ericcase (dot) com http://www.linkedin.com/in/ericcase
Current thread:
- Re: Are users right in rejecting security advice?, (continued)
- Re: Are users right in rejecting security advice? Michael Van Norman (Mar 17)
- Re: Are users right in rejecting security advice? Basgen, Brian (Mar 17)
- Re: Are users right in rejecting security advice? Allison Dolan (Mar 17)
- Re: Are users right in rejecting security advice? Michael Sinatra (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Patrick Ouellette (Mar 17)
- Re: Are users right in rejecting security advice? Jansen, Morgan R. (Mar 17)
- Re: Are users right in rejecting security advice? Dick Jacobson (Mar 17)
- Re: Are users right in rejecting security advice? John Nunnally (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Patrick Ouellette (Mar 17)
- Re: Are users right in rejecting security advice? Roger Safian (Mar 17)
- Re: Are users right in rejecting security advice? Michael Sinatra (Mar 17)
- Re: Are users right in rejecting security advice? Ken Connelly (Mar 17)
- Re: Are users right in rejecting security advice? Michael Sinatra (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
- Re: Are users right in rejecting security advice? Steven Alexander (Mar 17)
- Re: Are users right in rejecting security advice? Justin Azoff (Mar 17)
- Re: Are users right in rejecting security advice? Michael Sinatra (Mar 17)
- Re: Are users right in rejecting security advice? Eric Case (Mar 17)
(Thread continues...)