Recently I presented at the CFET (Cybercrime Forensics Education & Training) conference in Canterbury, in the UK, on password and PIN selection strategies, an ongoing research interest. To be more precise, on this occasion I was talking about re-evaluating the way we educate computer users about good password/passphrase/passcode selection practice. (I’m afraid there wasn’t a paper to go with the presentation, but there’s a very PIN-oriented paper I presented at EICAR a couple of years ago here: PIN Holes: Passcode Selection Strategies.) (I’ll probably return to the whole education and strategy issue on the ESET blog in the near future, but right now I want to look at a very specific issue.)
Hardly had I left Canterbury before my attention was directed to a paper by Dinei Florêncio and Cormac Herley of Microsoft Research and Paul C. van Oorschot of Carleton University, Ottawa, which, according to The Register, ‘shot holes through the security dogma’: namely, a paper called Password portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts.
Passwords and Social Over-Engineering