Beefy Boxes and Bandwidth Generously Provided by pair Networks Frank
Welcome to the Monastery
 
PerlMonks  

Re^2: Status of Recent User Information Leak

by Argel (Prior)
on Aug 03, 2009 at 00:45 UTC ( #785310=note: print w/ replies, xml ) Need Help??


in reply to Re: Status of Recent User Information Leak
in thread Status of Recent User Information Leak

When developers and designers continue to ignore how people actually behave then said developers and designers are the ones at fault. Studies have shown over and over that people write complicated passwords down, reuse passwords, etc. What we really need is a decent and inexpensive two-factor auth solution.

And if you want to play the "professional" card then you might want to avoid saying things like "[certain people] should be publicly humiliated with extreme prejudice".

Elda Taluta; Sarks Sark; Ark Arks


Comment on Re^2: Status of Recent User Information Leak
Re^3: Status of Recent User Information Leak
by Trimbach (Curate) on Aug 03, 2009 at 01:29 UTC
    When developers and designers continue to ignore how people actually behave then said developers and designers are the ones at fault. Studies have shown over and over that people write complicated passwords down, reuse passwords, etc.

    Yes, people do dumb things. And they use their birth date for their ATM pin. The natural (and even universal) tendency to do dumb things doesn't absolve users from taking responsibility for their actions.

    What we really need is a decent and inexpensive two-factor auth solution.

    Sure. And maybe (maybe) we'll get one of those someday, but until then the game is all about risk mitigation. The risk for me for a security breach at PM is zero. So therefore I don't care what PM does or does not do to secure my information. YMMV.

    And if you want to play the "professional" card then you might want to avoid saying things like "certain people should be publicly humiliated with extreme prejudice".

    No, if I wanted to play the "professional" card I'd use much harsher terms, like "fired." Any professional, who has been trained in IT security procedures, and who is fully aware of the risks and hazards of password security, who nevertheless uses the same same password on PM that they use on a server or a bank account deserves much more punishment than mere humiliation.

    Gary Blackburn
    Trained Killer

      I think we are well past the time where just blaming the users is acceptable or professional. The actual studies are often just ignored and blaming the victim has just become an excuse. Not exactly a recipe for innovation, eh? The problem at this point is with the industry.

      Elda Taluta; Sarks Sark; Ark Arks

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://785310]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others chanting in the Monastery: (11)
As of 2014-04-16 17:47 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    April first is:







    Results (433 votes), past polls