Re: Linking Password Length to Write-down probability

[Nick Owen <nowen () wikidsystems com>]

I think it would be hard to link writing down passwords to just the
length and complexity.  I would think that the number of passwords a
person has would be a bigger factor.  I think it would be hard to
account for that - since so many would be outside the enterprise.

Stian Øvrevåge wrote:
> God morning list!
>
> I continually read papers which advertise increased password lenghts (
> and outrageous complexity requirements ) as The Solution(TM). I work
> in a fairly large organization and I can safely acknowledge that even
> 8 character passwords with moderate complexity requirements are VERY
> prone to beeing written un-encrypted and un-hashed on Post-Its, and
> then safely contained, under the keyboard, or on the monitor. Which in
> my humble oppinion is bordering to "stupid security".
>
> I'm certain that there is a link between required password lenght and
> complexity and the probability of users taking the huge leap backwards
> and writing passwords down.
>
> I've been doing a little Googling, but I can't seem to find any
> scientific analytical/statistical research done on this particular
> subject. Is anyone out there aware of any works done in this field? If
> not, is there anyone intrested in conducting such a survey on the
> behalf of the community?
>
> Regards, Stian

-- 

Nick Owen
WiKID Systems, Inc.
404.962.8983 (desk)
404.542.9453 (cell)
http://www.wikidsystems.com
At last, two-factor authentication, without the hassle factor