Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 17 May 2018 01:22:48 +0200
From: "e@...tmx.net" <e@...tmx.net>
To: passwords@...ts.openwall.com
Subject: Re: Keeping old passwords

On 05/17/2018 01:16 AM, Denny O'Breham wrote:
>   I don't think they should provide protection to me (but I'm
> questioning the goals of Google in that case)

they simulate CARE about their users.
the history of the MS teaches us that
the pointless hassle sells like charm
the more often you disturb the user the better is brand recognition.


> (like telling me what characters should be in my password).

most people do not share your sentiment.


> If someone chooses a 4-character password, you can tell him his
> password is not safe.  But if he wants to keep it, let him.

this is what a security expert would do.
but google is not a security expert, they are MARKETING experts.


> suspect suspicious activities, you can tell the user.  But don't lock
> him out of his account and ask him to jump through all sort of hoops
> to regain access.

the more hoops a user jumped through the more loyal he bwcomes
(it is a variant of a "wasted investment" fallacy:
user feels that he "invested" so much into maintaining his account
that he (fallaciously) keeps investing in fear to lose his previous 
investment.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.