wkbi.services.net
64.57.183.143
Public Scan
URL:
https://wkbi.services.net/
Submission: On September 08 via automatic, source certstream-suspicious
Form analysis
0 forms found in the DOM
Text Content
WELL KNOWN BAD IDEAS
They failed so you don't have to

PERIODIC PASSWORD CHANGES AND OTHER ILL-ADVISED PASSWORD POLICIES

The main ones (h/t Bruce Schneier):

* Periodic password changes address a problem on shared Unix minis in the late 1970s, not now.
* Complexity rules are pointless, since the main risks are phishing and reuse, not guessing.
* Password managers help a lot; web sites that try to prevent their use are, ah, sadly misguided.

References

https://www.wsj.com/articles/the-man-who-wrote-those-password-rules-has-a-new-tip-n3v-r-m1-d-1502124118
https://www.cerias.purdue.edu/site/blog/post/password-change-myths/
https://securingthehuman.sans.org/blog/2017/03/23/time-for-password-expiration-to-die

Author: johnl. Posted on October 10, 2017. Categories: Uncategorized.

LET THE USER DECIDE ABOUT SECURITY

We have lots of security schemes that try to figure out whether an online resource like a web page or an e-mail message is benign or malicious. Their tests use a lot of heuristics, so they occasionally guess wrong or can't tell. The WKBI is to show a warning and ask the user what to do if the system isn't sure.

Unfortunately, experiments have consistently shown that users do not understand the warnings and usually do whatever makes the warning go away fastest. It's been described as "gargle parp SECURITY WARNING blurch gloopf DANGEROUS flurp churble. OK?" It's always OK.

Locks, green bars, and related icons and logos have the same problem. Users don't understand what they mean, and don't understand why a lock in one part of the screen (the browser bar) means something different from a lock somewhere else (inside a malicious web page).

* Browser bad certificate warnings
* Mail icons or logos intended to indicate virtuous mail
* Mail programs highlight signed and unsigned parts of the message

References

The Emperor's New Security Indicators: An evaluation of website authentication and the effect of role playing on usability studies
http://www.usablesecurity.org/emperor/

Author: johnl. Posted on October 8, 2017. Categories: Mail, Security, Web.