Security and Privacy News

---

Please do not change your password

Mark Pothier's Boston Globe article, Please do not change your password," covers a paper by Microsoft Researcher Cormac Herley, "So Long, and No Thanks for the Externalities: the Rational Rejection of Security Advice by Users," from the 2009 New Security Paradigms Workshop. Herley argues "that user's rejection of the security advice they receive is entirely rational from an economic perspective." Herley discusses "password rules," "teaching users to recognized phishing sites by reading URLs" and "certificate errors". Users obviously choose bad passwords, but does password aging actually help? There was some discussion on TechRepublic and Slashdot.

For other items, see the Security and Privacy News blog.

Key Resources:

Overview	Orgchart	Partners	Recent Pubs	Annual Report
News	Seminar	Research	Education	FAQ

• Resources for: Industry, Government, Faculty, Students & Staff
• TRUST Introduction (Powerpoint).
• Visitor parking, transportation, directions, lodging.
• Resources for TRUST researchers (presentation and poster templates, etc.).

How do I contact the Trust Center?
You are not logged in
Copyright © 2005-2012 TRUST