Security Basics mailing list archives
Re: Linking Password Length to Write-down probability
From: Nick Owen <nowen () wikidsystems com>
Date: Fri, 27 May 2005 11:44:31 -0400
I think it would be hard to link writing down passwords to just the length and complexity. I would think that the number of passwords a person has would be a bigger factor. I think it would be hard to account for that - since so many would be outside the enterprise. Stian Øvrevåge wrote:
God morning list! I continually read papers which advertise increased password lenghts ( and outrageous complexity requirements ) as The Solution(TM). I work in a fairly large organization and I can safely acknowledge that even 8 character passwords with moderate complexity requirements are VERY prone to beeing written un-encrypted and un-hashed on Post-Its, and then safely contained, under the keyboard, or on the monitor. Which in my humble oppinion is bordering to "stupid security". I'm certain that there is a link between required password lenght and complexity and the probability of users taking the huge leap backwards and writing passwords down. I've been doing a little Googling, but I can't seem to find any scientific analytical/statistical research done on this particular subject. Is anyone out there aware of any works done in this field? If not, is there anyone intrested in conducting such a survey on the behalf of the community? Regards, Stian
-- Nick Owen WiKID Systems, Inc. 404.962.8983 (desk) 404.542.9453 (cell) http://www.wikidsystems.com At last, two-factor authentication, without the hassle factor
Current thread:
- Linking Password Length to Write-down probability Stian Øvrevåge (May 26)
- RE: Linking Password Length to Write-down probability Ryan Platt (May 27)
- Re: Linking Password Length to Write-down probability Gonzalo Martinez (May 27)
- Re: Linking Password Length to Write-down probability Nick Owen (May 30)
- RE: Linking Password Length to Write-down probability Andrew Aris (May 31)
- Re: Linking Password Length to Write-down probability Nick Owen (May 30)
- RE: Linking Password Length to Write-down probability Miguel Dilaj (May 27)
- Re: Linking Password Length to Write-down probability Nick Owen (May 30)
- Re: Linking Password Length to Write-down probability Mihai Amarandei (May 30)
- <Possible follow-ups>
- Re: Linking Password Length to Write-down probability Doug . Janelle (May 27)
- Re: Linking Password Length to Write-down probability Dan Tesch (May 30)
- RE: Linking Password Length to Write-down probability Bob Kurth (May 27)
- Re: Linking Password Length to Write-down probability John Blackley (May 27)
- RE: Linking Password Length to Write-down probability KWajda (May 30)
- Re: Linking Password Length to Write-down probability Doug . Janelle (May 30)
- Re: Linking Password Length to Write-down probability Mark Burnett (May 30)