<div dir="ltr"><div><div><div dir="ltr">
<table bgcolor="#ffffff" cellpadding="0" cellspacing="0" width="100%">
<tbody>
<tr>
<td align="left" valign="top">
<table cellpadding="0" cellspacing="0">
<tbody>
<tr>
<td style="border-top:0px solid rgb(0,0,0);border-bottom:1px solid rgb(255,255,255);background-color:rgb(255,255,255);text-align:center" align="center"><span style="font-size:10px;color:rgb(96,96,96);line-height:200%;font-family:verdana;text-decoration:none">Email
not displaying correctly? <a href="http://www.oplin.org/4cast/" style="font-size:10px;color:rgb(0,0,255);line-height:200%;font-family:verdana;text-decoration:none" target="_blank">View
it in your browser.</a></span></td>
</tr>
<tr>
<td style="border-top:0px solid rgb(51,51,51);border-bottom:0px solid rgb(255,255,255);background-color:rgb(255,255,255)">
<center><a><img src="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickheader.jpg" title="OPLIN" alt="OPLIN 4Cast" align="middle" border="0"></a></center>
</td>
</tr>
</tbody>
</table>
<table style="width:763px;height:877px" bgcolor="#ffffff" cellpadding="20" cellspacing="0">
<tbody>
<tr>
<td style="font-size:12px;color:rgb(0,0,0);line-height:150%;font-family:trebuchet ms" background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg" bgcolor="#ffffff" valign="top">
<p>
<span style="font-size:20px;font-weight:bold;color:rgb(0,0,0);font-family:arial;line-height:110%">OPLIN 4cast #456: Password (in)sanity</span><br>
<span style="font-size:11px;font-weight:normal;color:rgb(102,102,102);font-style:italic;font-family:arial">September 23rd, 2015</span></p>
<p style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><img align="left" src="http://www.oplin.org/4cast/wp-content/uploads/2015/09/password.png" alt="password text box" width="130" height="110">Passwords, passwords, when are we ever going to quit talking about passwords? Perhaps sooner than you might think. The huge hack of the Ashley Madison servers, which <a href="http://arstechnica.com/security/2015/09/once-seen-as-bulletproof-11-million-ashley-madison-passwords-already-cracked/" target="_blank">compromised 11 million passwords</a>, made password security a topic of the mainstream media last month, with all the usual reminders of the rules for good password management that we're all supposed to follow. But there is also a growing opinion that these rules have become so complex that most of us just give up and ignore them, and that what we need is not more rule reminders, but more common sense in how we ask people to create and manage passwords. For instance, what about the rule that says we should never reuse a password?
</p>
<div> </div>
<ul style="text-align:left">
<li style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><a href="http://arstechnica.com/security/2015/09/ashley-madison-password-crack-could-spell-trouble-across-the-internet/" target="_blank">Ashley Madison password crack could spell trouble across the Internet</a> (Ars Technica | Dan Goodin) "The group hasn't released the passwords, but now that their findings are public, it's inevitable the vulnerable passcodes will become widely available. And assuming Ashley Madison subscribers have used those passwords to protect other accounts, that means the Internet may be in store for a new round of account compromises. Ars has long advised readers to use <a href="https://agilebits.com/onepassword" target="_blank">1Password</a>, <a href="https://lastpass.com/" target="_blank">LastPass</a> or another widely used password manager to store a long, randomly generated password that's unique for each account."</li>
<li style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><a href="http://betanews.com/2015/08/27/84-percent-of-people-support-eliminating-passwords/" target="_blank">84 percent of people support eliminating passwords</a> (BetaNews | Ian Barker) "Almost half of the survey respondents (46 percent) say they currently have more than 10 passwords to manage, and 68 percent acknowledge that they reuse passwords for multiple accounts. In addition, 77 percent say they often forget passwords or have to write them down. Among respondents' top password peeves are those systems that require users to change their password frequently, and systems that require users to create passwords that do not fit the model of one they regularly use."</li>
<li style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><a href="http://www.softwareadvice.com/security/industryview/millennial-threat-report-2015/" target="_blank">Are millennials the latest security threat?</a> (Software Advice | Daniel Humphries) "Here, millennials come out in front, with 85 percent admitting to reusing passwords. However, Gen X lags only six percentage points behind, at 79 percent, while almost three-quarters (74 percent) of boomers are guilty of the same bad habit. So are millennials inherently more cavalier regarding password security? Not necessarily: assuming millennials use more online services and apps than their parents and grandparents, they will have a greater quantity of passwords to remember. So it's no surprise if they reuse some of them."</li>
<li style="text-align:justify;font-size:16px;font-family:arial;line-height:110%"><a href="https://cesgdigital.blog.gov.uk/2015/09/08/making-security-better-passwords/" target="_blank">Making security better: Passwords</a> (Gov.UK CESG Digital blog | Jon Lawrence) "There are passwords everywhere! However, the conversation we've had with people all around the public sector hasn't been a happy one when it comes to passwords. When every system needs a different password, the complexity settings for each system are set high, and password changes are enforced frequently, the outcome is not better security. Through research, in collaboration with the <a href="http://www.riscs.org.uk/" target="_blank">Research Institute in the Science of Cyber Security</a>, we've learnt about how trying to make passwords 'more secure' means systems end up less secure. When we're overloaded with passwords, we all end up 'breaking the rules': we use the same passwords across different systems; we use coping strategies to make passwords more memorable (and thus more easily guessed), and we store passwords insecurely."</li>
</ul>
<div style="text-align:left"> </div>
<p style="text-align:left;font-size:20px;font-family:arial;line-height:110%"><small><strong><em>Articles from <a href="http://ohioweblibrary.org" target="_blank">Ohio Web Library</a>:</em></strong></small><br>
</p>
<div style="text-align:justify;font-size:16px;font-family:arial;line-height:110%">
<ul>
<li><a href="http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=90488486&site=ehost-live" target="_blank">Pass fail.</a> (<em>Mechanical Engineering</em>, Oct. 2013, p.42-47 | Jean Thilmany)</li>
<li><a href="http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=50218716&site=ehost-live" target="_blank">The psychology of password management: a tradeoff between security and convenience.</a> (<em>Behaviour & Information Technology</em>, May/June 2010, p.233-244 | L. Tam, M. Glassman, and M. Vandenwauver)</li>
<li><a href="http://search.ebscohost.com.proxy.oplin.org/login.aspx?direct=true&db=buh&AN=60507779&site=ehost-live" target="_blank">Impact of restrictive composition policy on user password choices.</a> (<em>Behaviour & Information Technology</em>, May/June 2011, p.379-388 | John Campbell, Wanli Ma, and Dale Kleeman)</li>
</ul>
</div>
<div style="text-align:left"> </div>
</td>
</tr>
<tr>
<td background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickbgwide.jpg" valign="top" width="760"><span style="font-size:10px;color:rgb(96,96,96);line-height:100%;font-family:verdana">
<hr>
<div style="text-align:justify">The <strong><em>OPLIN
4cast</em></strong>
is a weekly compilation of
recent headlines, topics, and trends that could impact public
libraries. You can subscribe to it in a variety of ways, such as: <br>
</div>
<div style="text-align:left"> </div>
<ul>
<li style="text-align:justify"><strong>RSS feed.</strong>
You
can receive the OPLIN 4cast
via RSS feed by subscribing to the following URL:
<a href="http://www.oplin.org/4cast/index.php/?feed=rss2" target="_blank">http://www.oplin.org/4cast/index.php/?feed=rss2</a>. </li>
<li style="text-align:justify"><strong>Live Bookmark.</strong>
If you're using the Firefox
web browser, you can go to the 4cast website
(<a href="http://www.oplin.org/4cast/" target="_blank">http://www.oplin.org/4cast/</a>) and click on the orange "radio wave" icon
on the right side of the address bar. In Internet Explorer 7, click on
the same icon to view or subscribe to the 4cast RSS feed. </li>
<li style="text-align:justify"><strong>E-mail.</strong>
You
can have the OPLIN 4cast
delivered via e-mail (a'la OPLINlist and OPLINtech) by subscribing to
the 4cast mailing list at
<a href="http://mail.oplin.org/mailman/listinfo/OPLIN4cast" target="_blank">http://mail.oplin.org/mailman/listinfo/OPLIN4cast</a>. </li>
</ul>
</span> </td>
</tr>
<tr>
<td style="border-top:0px solid rgb(255,255,255);background-color:rgb(255,255,204)" background="http://www.oplin.org/4cast/wp-content/themes/4cast/images/kubrickfooter.jpg" valign="top" width="760"> <br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div></div></div>
</div>