The Guardian ran a great article on Saturday about online passwords: what a nightmare they have become for all of us, and how our natural response is making the hacker's job easier - http://gu.com/p/3aptz
The interesting point it makes is how the requirements placed on users to have more complex passwords (a mix of cases, non-alphanumerics, etc.) mean that most of us, in a desperate attempt to have something memorable, end up choosing something that is easier to crack. Also, the use of passwords as the primary security measure means most of us choose the same password for everything - so hack one site and ID fraud becomes much easier.
Once again, a great example of the impact of a lack of joined-up, user-centred thinking and a failure to understand how people really behave. We can't remember these passwords - it is a natural constraint on human memory - so we take the easier path, which works for us. Clearly our reliance on passwords is a weak point in security systems - what technology will provide the solution?