I dunno, for some reason I kind of believe that survey result. I mean if you think about it, 95% of the people using computers are not savy in any way, let alone security cautious. They don't know what security is, and they don't want to know and most of the time, they dont get paid nearly enough to even let the matter touch on their brain. The fact is, YES passwords are always the first line of defense, for anykind of security layer, BUT the more you ask a user to change their password, the more issues that will arise, they tend to just add a number or letter to the end of it, their password tends to be more and more guessable. Repetition leads to lazyness.

I read somewhere of a new way of password/user authentication, might have been on this site actually.

1. Step one, you enter your password.
2. Step two, you get a window with anywhere from 10-12 different employee pictures. You have 1 attempt to click on the employee that is you.

The pictures are actually linked up to the password hash somehow, and that authenticates you, these pictures are always lined up seperately somehow.. Anyhow, I don't remember the specifics, but it was a great idea.

haha sorry for that random garble and my grammar. If anyone knows what I am talking about, please elaborate


-packetstorm

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/245/26528#26528