Please do not change your passwordMark Pothier's Boston Globe article, Please do not change your password," covers a paper by Microsoft Researcher Cormac Herley, "So Long, and No Thanks for the Externalities: the Rational Rejection of Security Advice by Users," from the 2009 New Security Paradigms Workshop. Herley argues "that user's rejection of the security advice they receive is entirely rational from an economic perspective." Herley discusses "password rules," "teaching users to recognized phishing sites by reading URLs" and "certificate errors". Users obviously choose bad passwords, but does password aging actually help? There was some discussion on TechRepublic and Slashdot.
For other items, see the Security and Privacy News blog.