So you would advocate letting users set blank or English-word passwords? The user may think these are "secure enough". But what will they think when their funds are depleted by someone who broke into their account?
On Tue, Oct 28, 2008 at 2:41 PM, Santiago Bustelo <[EMAIL PROTECTED]>wrote: > Chris Vestal wrote: > > http://usa.visa.com > > It is not about security through "inconvenience" but there are > real technical reasons for strong passwords at least on e-commerce > sites. > > Usually is about inconvenience *instead* of security. The most > commonly used security "metric" is how safe users feel they are, or > stakeholders believe users are. > > A reality check about how much credit card companies actually care: > http://www.zug.com/pranks/credit-cards/ > > I would certainly not advocate weak passwords. But password strength > is a subjective matter. The same password can be considered very weak > or unbeatably strong by two different algorithms ( = programmers). > That is why the burden is always on the user, whose decision must be > respected. Inform users how strong your algorithm "thinks" their > passwords are (I second Andrew on doing it on the fly), but don't > kick them out if they consider that the value that password has to > protect does not deserve any more trouble. > > > . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . > Posted from the new ixda.org > http://www.ixda.org/discuss?post=34957 > > > ________________________________________________________________ > Welcome to the Interaction Design Association (IxDA)! > To post to this list ....... [EMAIL PROTECTED] > Unsubscribe ................ http://www.ixda.org/unsubscribe > List Guidelines ............ http://www.ixda.org/guidelines > List Help .................. http://www.ixda.org/help > ________________________________________________________________ Welcome to the Interaction Design Association (IxDA)! To post to this list ....... [EMAIL PROTECTED] Unsubscribe ................ http://www.ixda.org/unsubscribe List Guidelines ............ http://www.ixda.org/guidelines List Help .................. http://www.ixda.org/help
