by abeyer 1174 days ago
That's not _really_ what that study says... what they found was that "A password guideline including three sample password creation methods and a persuasive message and important notes for the experimental group" gave a small improvement over enforcing password restrictions. So it finds that training people to come up with good passwords immediately before they're asked to do so results in slightly better passwords. Notably, they did _not_ test what happens when you train users and also enforce restrictions, nor what happens when you don't train users and don't enforce restrictions.

But then also recognized "the participants in the experimental group spent time to read the information and applied the given methods to produce passwords, maybe just to help a research study by participating. However, in real life, users may not make an effort to read the information provided in the password guidelines unless they have to. Zakaria [64] suggested that one possible way to overcome this is to make reading and understanding the password guidelines compulsory before constructing a password." So even if we were to follow the findings here, the result would be to create _more_ friction, not less.


You’ve made some truly interesting counterpoints here. Thanks!

That having been said, friction is subjective. So we’ll have to agree to disagree about your last point.

Fair enough; personally, I certainly would find being forced to read through "how to choose a password" every time I needed to create one worse than just having some restrictions... but I also put _everything_ in a password manager w/ long random passwords, so I seldom run afoul of the common restrictions either.