Solving password problems one at a time, Re: The password-reset paradox
Ed Gerck
edgerck at nma.com
Mon Feb 23 17:40:43 EST 2009
James A. Donald wrote:
> No one is going to check for the correct three letter
> combination, because it is not part of the work flow, so
> they will always forget to do it.

Humans tend to notice patterns. We easily notice mispelngs. Your
experience may be different but we found out in testing that
three-letters can be made large enough to become a visually noticeable
pattern.

Reversing the point, the fact that a user can ignore the three-letters
is useful if the user forgets them. The last thing users want is one
more hassle. The idea is to give users a way to allay spoofing concerns,
if they so want and are motivated to, or learn to be motivated. Mark
Twain's cat was afraid of the cold stove.

Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com