> When I worked in this field, we used to explain that usability and
> security, at the extremes, were two opposite ends of a continuum.
> Adding to one nearly always compromised the other. I know it is a bit
> simplistic, but it works as a quick explanation.
Thanks, Mark. I am quite familiar with the usability-security continuum, but I'm surprised at how few sites out there have concrete recommendations on where the best place along the continuum is. I guess it's still too controversial, but surely someone out there has some opinions on what the best password policy is, trading off complexity / "time to hack" and ability for users to remember. Perhaps, as you say, they're all lurking in Forrester, which, sadly, I don't have access to!

Another person replied to me privately with the following blog post: http://www.baekdal.com/articles/usability/password-security-usability/

The author talks about how long it would take a hacker to break certain passwords. It's easy to calculate how long brute force attacks might take, but it gets scary when you look at dictionary attacks.

I think my recommendation is going to be a weak-medium-strong entropy indicator that takes dictionary words into account, plus restricting the number of attempts the user can make within a time period. I am EXTREMELY worried about forcing high entropy on people though... so that's where I start sighing. Sigh.

Meredith
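A sketch of the indicator and throttle Meredith describes, added here as an example (not code from the thread or from the linked article): a strength meter that estimates brute-force bits, discounts a password built around a dictionary word, converts bits to a time-to-crack at a given guess rate, and a per-user attempt limiter. The word list, the substitution table and the weak/medium/strong thresholds are assumptions.

```python
import math

# Constructed sample word list; a real meter loads a large dictionary.
DICTIONARY = {"password", "welcome", "letmein", "dragon", "monkey", "summer"}
# Common substitutions attackers try anyway, undone before the lookup.
LEET = str.maketrans("@$01!3", "asolie")

def charset_size(pw):
    """Size of the smallest conventional alphabet covering every character."""
    size = 0
    if any(c.islower() for c in pw): size += 26
    if any(c.isupper() for c in pw): size += 26
    if any(c.isdigit() for c in pw): size += 10
    if any(not c.isalnum() for c in pw): size += 33
    return size

def entropy_bits(pw):
    """Brute-force bits, cut down when a dictionary word forms the core:
    the word costs about log2(len(DICTIONARY)) guesses however long it is,
    so only the characters outside it count per character."""
    if not pw:
        return 0.0
    per_char = math.log2(max(charset_size(pw), 2))  # unknown scripts: 1 bit
    core = pw.lower().translate(LEET)
    for word in DICTIONARY:
        if word in core:
            return math.log2(len(DICTIONARY)) + (len(pw) - len(word)) * per_char
    return len(pw) * per_char

def seconds_to_crack(bits, guesses_per_second):
    """Expected time to hit the password after searching half the space."""
    return 2 ** (bits - 1) / guesses_per_second

def rating(pw):
    """Weak/medium/strong bands for the indicator (thresholds are assumptions)."""
    bits = entropy_bits(pw)
    return "weak" if bits < 28 else "medium" if bits < 50 else "strong"

class AttemptLimiter:
    """Allow at most `limit` attempts per user within `window` seconds."""
    def __init__(self, limit=5, window=900):
        self.limit, self.window, self.attempts = limit, window, {}

    def allowed(self, user, now):
        recent = [t for t in self.attempts.get(user, []) if now - t < self.window]
        self.attempts[user] = recent
        if len(recent) >= self.limit:
            return False
        recent.append(now)
        return True
```

With a six-word list "P@ssw0rd" scores under three bits, which is the point of the dictionary penalty: eight characters from a 95-symbol alphabet look strong to a naive meter but cost an attacker a handful of guesses.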
