Date: Thu, 17 May 2018 01:22:48 +0200 From: "e@...tmx.net" <e@...tmx.net> To: passwords@...ts.openwall.com Subject: Re: Keeping old passwords On 05/17/2018 01:16 AM, Denny O'Breham wrote: > I don't think they should provide protection to me (but I'm > questioning the goals of Google in that case) they simulate CARE about their users. the history of the MS teaches us that the pointless hassle sells like charm the more often you disturb the user the better is brand recognition. > (like telling me what characters should be in my password). most people do not share your sentiment. > If someone chooses a 4-character password, you can tell him his > password is not safe. But if he wants to keep it, let him. this is what a security expert would do. but google is not a security expert, they are MARKETING experts. > suspect suspicious activities, you can tell the user. But don't lock > him out of his account and ask him to jump through all sort of hoops > to regain access. the more hoops a user jumped through the more loyal he bwcomes (it is a variant of a "wasted investment" fallacy: user feels that he "invested" so much into maintaining his account that he (fallaciously) keeps investing in fear to lose his previous investment.
Powered by blists - more mailing lists
Powered by Openwall GNU/*/Linux - Powered by OpenVZ