Web Applications Research Question
Posted 05 September 2015 - 12:02 PM
Posted 05 September 2015 - 12:03 PM
Edited by troybolton, 05 September 2015 - 12:04 PM.
Posted 03 December 2015 - 07:21 PM
Most of the time they assume users know something about the product and will set a password.
When they do not require a specific type of password, this is often because the research suggests users will still set weak passwords.
They also know having a password policy will sometimes frustrate users who will then write it down, might forget it, or use a "strong" (upper and lower case letter, at least one number, 8-char) password, but these policies still churn out weak passwords, as evidenced by the use of deprecated hash functions and the number of cracked passwords using this type of policy.
Enforcing a policy is often a bad idea; very occasionally users might have a better policy and know what they need, and sometimes it's easier/better to take a head-in-the-sand approach, by making assumptions that the user has read the documentation. The hope is that this makes for a flexible and easy-to-install product, offloading the more difficult task of particular requirements and policy to users.
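
The point in the post above about the "strong" composition policy, as an added example that is not part of the original thread: the check below implements the quoted rule (upper and lower case letter, at least one number, 8 characters) and compares it with a simple predictability check. The base-word list, the substitution table and the sample passwords are constructed for illustration.

```python
import re

# Constructed sample list of common base words (assumption, not from the thread).
COMMON_BASES = {"password", "welcome", "summer", "qwerty", "letmein", "dragon"}

# Simple character substitutions users apply to satisfy composition rules.
SUBSTITUTIONS = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                               "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})


def meets_composition_policy(pw):
    """The policy quoted in the post: upper, lower, one digit, at least 8 chars."""
    return (len(pw) >= 8
            and re.search(r"[a-z]", pw) is not None
            and re.search(r"[A-Z]", pw) is not None
            and re.search(r"[0-9]", pw) is not None)


def base_word(pw):
    """Reduce a password to its base word: drop the trailing digits/symbols,
    lowercase it, then undo the simple substitutions."""
    core = re.sub(r"[\d\W_]+$", "", pw)
    return core.lower().translate(SUBSTITUTIONS)


def is_predictable(pw):
    """True when the password is a common word with cosmetic changes."""
    return base_word(pw) in COMMON_BASES


def audit(passwords):
    """Return (password, passes_policy, predictable) for each candidate."""
    return [(pw, meets_composition_policy(pw), is_predictable(pw))
            for pw in passwords]


if __name__ == "__main__":
    # Constructed sample passwords.
    samples = ["Password1", "P@ssw0rd2015", "Summer2015",
               "correct horse battery staple"]
    for pw, ok, weak in audit(samples):
        print(f"{pw!r:32} policy={'pass' if ok else 'fail'} "
              f"predictable={'yes' if weak else 'no'}")
```
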