Attached please find an article on frequent password changes and their impact on security. After reading the article, read and respond to at least two of the questions and suggestions below. Initial response - 2-3 paragraphs. Also, please respond to others in the class in a separate posting in response to their posting, so it's clear who you're responding to.
1) Do you believe the author's premise, that requiring frequent password changes may actually decrease security? Why?
2) What attack methods seem to you most likely to break a password weakened as the author suggests? Why?
3) What methods seem to you most likely to improve protection for these "weakened" passwords? What can users and organizations do besides requiring password changes?
Regular password changes make things worse
9/8/2016
http://www.csoonline.com/article/3113710/dataprotection/regularpasswordchangesmakethingsworse.html?token=%23tk.CSONLE_nlt_cso_update…

Security experts have been saying for decades that human weakness can trump the best technology. Apparently, it can also trump conventional wisdom.

Since passwords became the chief method of online authentication, conventional wisdom has been that changing them every month or so would improve a person’s, or an organization’s, security.

Not according to Lorrie Cranor, chief technologist of the Federal Trade Commission (FTC), who created something of a media buzz earlier this year when she declared in a blog post that it was, “time to rethink mandatory password changes.”

She gave a keynote speech at the BSides security conference in Las Vegas earlier this month making the same point.

But the message was not new – she has been preaching it for some time. Cranor, who before her move to the FTC was a professor of computer science and of engineering and public policy at Carnegie Mellon University, gave a TED talk on it more than two years ago.

She contends that changing passwords frequently could do more harm than good. Not because new passwords, in and of themselves, would make it easier for attackers, but because of human nature.

She cited research suggesting that, “users who are required to change their passwords frequently select weaker passwords to begin with, and then change them in predictable ways that attackers can guess easily.”

This, she said, was demonstrated more than six years ago in a 2009-2010 study at the University of North Carolina at Chapel Hill. Researchers, using passwords of more than 10,000 defunct accounts of former students,