The Human Factors of Password Security
's column on
directions for online publishing
Security experts often recommend that users select different passwords for each online service they belong to and that users change their password with regular intervals.
Good advice in theory, but in practice these experts have forgotten to consider the human factors of password security. Most security breaches happen because of various human weaknesses (e.g., users who give their password in response to email from a person claming to be a system administrator who needs the password to investigate a possible intruder!).
A simple human factors analysis shows that no normal human can remember fifty different random combinations of characters, leading to one of two common solutions: either users select non-random passwords that are easy to remember (and easy to crack), or the users write down the passwords on a piece of paper or in a file on their system (also a major compromise of security). Please note: people do this not because they are stupid or
to make their system easy to crack, but because it is physically impossible for them to do otherwise as long as they are required to have more than a very small number of passwords.
My solution is to get each user to select a very small number of truly random passwords, use the same passwords for many applications, and
never write a password down
. Admittedly, this is less secure than the hypothetical user who is able to memorize fifty different random passwords, but only a handful such people exist in the world.