Passwords that are Simple - and Safe

By Simson Garfinkel


Researchers at Microsoft have come up with a way to create easy-to-remember passwords without making a system more vulnerable to hackers.

Instead of enforcing complex passwords, as many organizations do, the new scheme makes sure than no more than a few users can have the same password, which has a similar overall effect on security. Further research from Microsoft also reveals why only some organizations insist on very complex passwords.

Increasingly complex password requirements--rules like "passwords must be 14 characters long and contain at least two uppercase letters, two lowercase letters, and three symbols"--make it difficult for attackers to guess passwords using a so-called "dictionary attack," which involves trying many possible passwords in succession.

Without such restrictions, people tend to pick passwords that are easy to remember, easy to type--and easy to guess. For example, when 32 million passwords from the social media website RockYou were inadvertently released last December, nearly half were found to be "trivial passwords" such as consecutive digits, dictionary words, or common names, according to an analysis last January by the Web security firm Imperva.

Requiring that passwords include numbers, symbols, and mixed cases significantly increases the number of possible passwords. With such rules, a dictionary attack becomes infeasible, but passwords also become harder to remember.

Associated Link: More: Passwords that are Simple--and Safe

Three Things Steve Krug Didn’t Tell You About Usability Testing
Source: George Saines, 2 September 2010
 
Don't make me think. Well, ok, maybe a little bit.

Trace exactly what Users are doing
Source: killerstartups, 30 August 2010
 
A new tool lets you watch all of your website activity, in real-time replays.

Google boosts Usability with Gmail revamp
Source: V3.co.uk, 28 August 2010
 
Long overdue improvements to Gmail may increase its appeal to business users.

Tech4Africa conference runs in Johannesburg
Source: bizcommunity, 26 August 2010
 
A new conference in Africa recognises usability as a central concept to IT uptake.

Top 3 Usability Tips for Building Better Blogs
Source: CMS Wire, 24 August 2010
 
If you're compelled to blog, may as well get it right.

Outdoors and Out of Reach, Studying the Brain
Source: New York Times, 23 August 2010
 
Fascinating account of how heavy use of digital devices changes how we think and behave, and how a retreat into nature might reverse those effects.

Tips for International In-home User Research
Source: System Concepts Ltd, 20 August 2010
 
In-home user research can provide richer, more illuminating information than lab-based studies. Here are some tips for a successful in-home international research.

New Study- Gender differences in Web Usability
Source: Demystifying Usability blog, 18 August 2010
 
Comscore has released a new study (June 30 2010) entitled Women on the Web: How Women are Shaping the Internet.

UX Myths: Usability testing is Expensive
Source: UX Myths, 16 August 2010
 
Many organizations still believe usability testing is a luxury that requires an expensively equipped lab and takes weeks to conduct.

Usability testing may improve hit rate of Mobile Advertising
Source: UN, 14 August 2010
 
A new mobile advertising service is launching in the UK. Will usability testing help it achieve its goals?