Human-Centred Security
Week Task Sheet: Security Policies
You’re going to write a password policy on Friday. You need to gather some
evidence.
Search the literature to find best practice for the following things (split
amongst your group members):
a) Are people inclined to share passwords? In other words, should we
try to forbid this?
b) How often should people change their passwords (voluntarily)? In
other words, how quickly can a password be compromised using the
latest technology?
c) Should we advise people not to write their passwords down?
d) Finally, what kind of advice should we offer people for choosing a
password? Remember the two arrows and the
data/information/knowledge pyramid – people remember
knowledge easily and data poorly.
If the literature doesn’t offer a ready answer, think about how to design to
accommodate human tendencies.