[Sigia-l] Password usability
Jayson Elliot
jayson.elliot at gmail.com
Fri Dec 10 12:01:01 EST 2010
There is a lot of research that I can find about security policies and
usability when it comes to user passwords.

What I'm not able to find, however, is anything related to policies which
FORBID special characters. We have a security specialist in IT who is
insisting that the password policy must forbid special characters, because
"special characters give users too many options to forget."

This sounds ludicrous on the face of it to me, because merely giving people
the option to choose special characters is not the same thing as requiring
them. If someone has a favorite password which contains an exclamation mark,
for example, forcing them to use a different password could result in their:

A) Selecting a password that they can't remember
or
B) Giving up during registration and not completing the process.

Does anyone know of a white paper or research that addresses this issue?