Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Web Applications Research Question


  • Please log in to reply

#1
troybolton

troybolton

    New Member

  • Member
  • Pip
  • 2 posts
Dear Geeks to Go Community,
I am currently conducting a survey for a class and would appreciate your help/opinion on the following question:
 
*Why do many (web) applications still come with a default password (e.g., <empty>, password,...) and do not require the user to set a
password (according to a reliable password policy) while installing them?*
 
Thank you for your support

  • 0

Advertisements


#2
troybolton

troybolton

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
Dear Geeks to Go Community,
I am currently conducting a survey for a class and would appreciate your help/opinion on the following question:
 
*Why do many (web) applications still come with a default password (e.g., <empty>, password,...) and do not require the user to set a
password (according to a reliable password policy) while installing them?*
 
Thank you for your support

Edited by troybolton, 05 September 2015 - 12:04 PM.

  • 0

#3
sethandrews

sethandrews

    New Member

  • Member
  • Pip
  • 4 posts

Most of the time they assume users know something about the product and will set a password.

 

When they do not require a specific type of password, this is often because the research suggests users will still set weak passwords.

 

They also know having a password policy will sometimes frustrate users who will then write it down, might forget it, or use a "strong" (upper and lower case letter, at least one number, 8-char) password, but these policies still churn out weak passwords, as evidenced by the use of deprecated hash functions and the number of cracked passwords using this type of policy.

 

Enforcing a policy is often a bad idea; very occasionally users might have a better policy and know what they need, and sometimes it's easier/better to take a head-in-the-sand approach, by making assumptions that the user has read the documentation.  The hope is that this makes for a flexible and easy to install product, offloading the more difficult task of particular requirements and policy to users.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP