Robert Martis
Joined: 14 May 2005
Posts: 22
Posted: Tue Jun 07, 2005 3:33 pm Post subject: Why is it so hard for people to remember strong passwords?
Password protection issues are very much indicative of what happens when a technical requirement runs afoul of basic human tendencies and capabilities.
Sometimes it seems that every website, network area, application, and even every computer requires us to enter a user ID and password. Simply defining and remembering these identification terms is a full-time job, at which we, as human beings, are just not well suited. We know that humans are notoriously poor at retaining information in short-term memory.
Security purposes are best served, I think we can all agree, by requiring users to identify themselves in such a way that (a) ensures we are who we say we are and (b) is very difficult for people who are not us to figure out. So-called “strong” passwords, however, tend to be randomly generated and contain no information that can be easily associated with us personally. Unfortunately, we have great difficulty remembering these passwords, because those letters and numbers don’t mean anything to us.
Imposing too strict a password policy forces people to write passwords down or use the same passwords for all applications.
Would you ever design something that intentionally violated what you know to be the capabilities of your intended users? The answer is No. And yet, people routinely violate the cognitive capabilities of human users.
See the full story at What’s the Password? Batman35!