Complex password demands misplace security onus

Complex password requirements can make companies feel more secure than they are and make access unnecessarily difficult for end-users, Randall Stross writes. "It is not users who need to be better educated on the risks of various attacks, but the security community," says Cormac Herley of Microsoft Research. "Security advice simply offers a bad cost-benefit trade-off to users."

View Full Article in:

New York Times (tiered subscription model), The

Published in Brief: