Chris Vestal wrote: > http://usa.visa.com > It is not about security through "inconvenience" but there are real technical reasons for strong passwords at least on e-commerce sites.
Usually is about inconvenience *instead* of security. The most commonly used security "metric" is how safe users feel they are, or stakeholders believe users are. A reality check about how much credit card companies actually care: http://www.zug.com/pranks/credit-cards/ I would certainly not advocate weak passwords. But password strength is a subjective matter. The same password can be considered very weak or unbeatably strong by two different algorithms ( = programmers). That is why the burden is always on the user, whose decision must be respected. Inform users how strong your algorithm "thinks" their passwords are (I second Andrew on doing it on the fly), but don't kick them out if they consider that the value that password has to protect does not deserve any more trouble. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Posted from the new ixda.org http://www.ixda.org/discuss?post=34957 ________________________________________________________________ Welcome to the Interaction Design Association (IxDA)! To post to this list ....... [EMAIL PROTECTED] Unsubscribe ................ http://www.ixda.org/unsubscribe List Guidelines ............ http://www.ixda.org/guidelines List Help .................. http://www.ixda.org/help
