regarding the PS Ben sent:
from that paper:
CONCLUSIONS AND A WAY FORWARD
We have looked in detail at a snapshot of events for a
sample of password users; but every minute taken in
unnecessary password use needs to be multiplied by orders
of magnitude to account for all the password uses even
within one organisation. This is the true cost of unusable
password policies. Against the world-view that “if only
[users] understood the dangers, they would behave
differently”, we argue that “if only security managers
understood the true costs for users and the organisation,
they would set policies differently”. We conclude with
some suggestions for how this might be achieved.
Towards Holistic Password Policies
The vision of a holistic approach for security policies is not
new; Sasse et al. outlined what such a policy should
contain. In moving to a holistic approach, there is no single
ideal policy, as the ongoing debate about writing passwords
down [12, 17] indicate.
Focussing on frequency of password changing, or password
strength, without considering the user in their context of
work, is clearly not holistic.
So, there's the research, and if we take a
data-informed-decision-making process seriously, then the role of
client services in IT changes from being merely the fire rescue
team, into the far more professional role of
intermediary/translator/data collector between the two groups in the
conclusion: the system administrators, and the users.
Oh, sorry, I'm awake again...it was a nice dream, anyway. Back to
the fire station.
Carol Caldwell-Edmonds, IT Professional Senior
Enterprise Technology Services: Client Services
Helpline and Computer Depot Clinic Coordinator
University of Vermont
never take yourself TOO seriously...
artwork by Shannon Edmonds
On 8/15/2011 10:14 AM, Benjamin Coddington wrote:
For the record, I think Scott Adams is the /real/ prophet:
Here's a source study for True Cost:
On Aug 15, 2011, at 9:56 AM, Andrew Hendrickson wrote:
Unless the math is faulty, this comic, sent to me by an unnamed colleague, makes an interesting point regarding passwords:
Discuss amongst yourselves, I'll get coffee . . .
CAS, IT Administrator
UVM, College of Arts & Sciences
438 College Street #402
To submit a request for service please use: