Part 2: On Passwords, Password Policies, and Teaching

Post Syndicated from David original http://feedproxy.google.com/~r/DevilsAdvocateSecurity/~3/xUY98wlIycU/part-2-on-passwords-password-policies.html

I noted in yesterday’s post that I used the answers to drive a conversation with a student employee, but didn’t provide details. I was asked what the assignment was, and thought that it might be of interest.

I provided the initial question, and my response about what drives institutional policy – essentially what I summarized here. The assignment was:

Explain how you would answer this question for a user, and for IT management, and how your policy might differ for each of these environments:

- A large multinational corporation
- A commercial website like Amazon, or a cloud service like Dropbox or Picasa
- A small company or non-profit

This sort of thought exercise is one that I feel is crucial for those who are learning information security, and is similar to questions I ask my employees when we discuss why our policies are what they are.
