next up previous
Next: Changing Passwords Up: COMP 5407 Project 2: Previous: Introduction


How can ``good security'' rules cause bad security?

Adams and Sasse found one user whose comments clearly illustrated the relationship between rules intended to improve security and the compromise of security. Of his password, he said ``... because I was forced into changing it every month I had to write it down." [Adams and Sasse, 1999] Many users make insecure choices when presented with rules designed to make things more secure.

Security rules are not restricted to passwords, either. Consider cars: it used to be that cars could be hot-wired once someone had managed to get into the car, perhaps by breaking a window or forcing the lock on the door. But in order to make them harder to steal (that is, more secure) insurance companies and car manufacturers have come up with clever security devices. But with more security devices in place on higher end cars, car thieves have had to adapt. In some cases, that means fairly clever scams involving pretending to buy a car to get access to information about it. But other thieves bypass trying to disable the devices and resort to waiting until the owner returns to the car, keys in hand. [Tognazzini, 2003] This is a much more dangerous situation for the car owner! It may not be hyperbole to say that these ``security" rules can even cost lives.

There are several commonly-used security rules that have unintended side effects as users find ways to cope with them. Nielsen claims that ``security-enhancing" rules lead to one outcome: users write down their passwords [Nielsen, 2000]. However, even those who don't write down passwords may be making poor security choices. This section looks at a few very common password rules intended to improve security, and discusses why they also cause security problems, and what those problems are.



Subsections
next up previous
Next: Changing Passwords Up: COMP 5407 Project 2: Previous: Introduction
Terri 2004-01-05