On Tue, Oct 28, 2008 at 7:09 AM, Mark Canlas <[EMAIL PROTECTED]> wrote:
> Here's the programmer-sympathetic counter to what you're saying.
> Users tend to choose the easiest-to-type passwords. These passwords also
> tend to be the easiest to break into.

All of my strong passwords are easy to type (which is why I chose them). It annoys and concerns me when a website forces me to select a weak password. Restricting what a user can pick for a password to the point they aren't going to remember, serves no one. Not the user and not the company/website.

If the user cannot remember their password then the company/website should have some way to recover/reset that password. In some cases requiring the user to *call* the company to recover their password (wasted resources if the user was allowed to pick a password they could remember).

As far as weak passwords go, the system shouldn't be so insecure as to allow one user to cause very much damage. If the user selects a weak password and someone breaks into their account and destroys the user's info/account/profile, the responsibility is on the user. If the system allows that one user to destroy the system then that is on the company. Granted, admins might have that power, but they are not typical users and tend not to select weak passwords.

The best way I've seen to encourage users to select strong passwords is to show them on the fly how strong it is. Who wants to see a big red "weak" next to their password?

Just my 2 cents.

--
Andrew Jaswa
andrewjaswa.com
wsuug.org
________________________________________________________________
Welcome to the Interaction Design Association (IxDA)!
