Elaborate requirements for account passwords might sound invincible, but experts say Americans aren’t paying enough attention to other online security threats, reports the New York Times. Make your password strong, with a unique jumble of letters, numbers, and punctuation marks. But memorize it—never write it down. And, oh yes, change it every few months. These instructions are supposed to protect us—but they don’t. Some computer security experts are advancing the heretical thought that passwords might not need to be “strong,” or changed constantly. They say onerous requirements for passwords have given us a false sense of protection against potential attacks. In fact, they say, we aren’t paying enough attention to more potent threats. Here’s one threat to keep you awake at night: Keylogging software, which is deposited on a PC by a virus, records all keystrokes—including the strongest passwords you can concoct—and then sends it surreptitiously to a remote location. “Keeping a keylogger off your machine is about a trillion times more important than the strength of any one of your passwords,” says Cormac Herley, a principal researcher at Microsoft Research who specializes in security-related topics. After investigating password requirements in a variety of settings, Herley is critical not of users but of system administrators who aren’t paying enough attention to the inconvenience of making people comply with arcane rules. Donald A. Norman, a co-founder of the Nielson Norman Group, makes a similar case. In an essay published last year, he noted the password rules of Northwestern University, where he then taught, was a daunting list of 15 requirements. He said unreasonable rules can end up rendering a system less secure: Users end up writing down passwords and storing them in places that can be readily discovered…

Click here for the full story

About the Author:

Laura Ascione

Laura Ascione is the Managing Editor, Content Services at eSchool Media. She is a graduate of the University of Maryland's prestigious Philip Merrill College of Journalism. When she isn't wrangling her two children, Laura enjoys running, photography, home improvement, and rooting for the Terps. Find Laura on Twitter: @eSN_Laura http://twitter.com/eSN_Laura