Regular Password Changing Harms Rather Than Improves Security

  • Published on 23 Jul 2024
  • One interesting finding was that if the researchers cracked a password, they could often (in 17% of cases) get that user's next password in less than five guesses. Unfortunately, when forced to provide a new password, users often made a minor change to their existing password. For example, in a simple case, secret10jan could be changed to secret10mar.
    The main point of forcing password changes is to lock out people who know a legitimate user's password. But if users make programmatic changes, those people can probably work out the new password as well.
    Further, Cranor notes that "There is also evidence from interview and survey studies to suggest that users who know they will have to change their password do not choose strong passwords to begin with and are more likely to write their passwords down."
  • Science and Technology
