When password requirements become too onerous, the level of protection decreases. Consider passwords of enormous complexity:
x amount of numbers,
y amount of capital letters, and
z number of character entries.
There is no easy way to remember such a complex combination, so a given account holder would now store the password on his PC, in a relatively easy-to-find location, such as his personal folder. Family members, roommates, and anybody else with the capability of accessing his computer (all of whom were the most likely to access his account in the first place) will be able to find this information relatively easily, and thus the ridiculous requirement guaranteed a break-in.
Even if we relax one of the parameters, it is likely that protection will still be compromised. Consider a single requirement of only z number of character entries, say, 15. I will now string words together that make up a silly sentence, or perhaps my full name, or the like, whereas before I could have remembered a small set of 4 random numbers that excluded anybody else with ease.
Of course, none of this is guaranteed, but I do question the effectiveness of password requirements. However, they are guaranteed to exclude somebody from the account with unbelievable reliability:
Me, the account holder!!!