Just don't forget that your users are part of the security of your system. Requiring a password system they have no choice but to write down, for example, is LESS secure than a password of their choice that has the option to be changed each month but can be set back to the same thing and is salted liberally.
The first is more secure if everyone were using safe password-storing procedures. They won't. So the second at least isolates them if their password is cracked, which would have been the case in both scenarios and more common in the first. I'd say remembering that your users are cogs in the security machine, and that they will sidestep anything they can in the name of convenience, is the most important thing you can teach any security student. Because the most technically secure systems are normally the ones you can walk into any building and nab a password for by lifting keyboards.

Posted from the new ixda.org http://www.ixda.org/discuss?post=46059
