Do NOT Change Your Password ???

That’s is the conclusion of a study done by Cormac Herley, a principal researcher at Microsoft Research. He has concluded that “instructions intended to spare us from costly computer attacks often exact a much steeper price in the form of user effort and time expended.”

So, the multiple logins and passwords we try to keep track of, the changes every 6 months or so, the password requirements (at least 8 characters, letters and numbers, must start with a number and include one symbol) are great and most likely helpful; but the amount of effort put forth by users is much greater than the payback.  That is, if we take into consideration the worth of one’s time, then this process becomes more trouble than its worth.

What is missing? Definitive data on what works and is effective, and what isn’t. Herley surmises that if users or employees really saw a positive result for all they were doing, they would be more likely to do it. But right now, there are so many security requirements that it seems scatter-shot.

A very interesting article – worth your time to read! The study is also available.

[from Boston Globe]

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: