Today's User Friendly strip makes a security point I've commented on myself many a time: If you make your password policy demanding enough, you can force all of your users to write their passwords down, and the odds are at least some of them will leave their password notes where they can be seen and/or found by someone who shouldn't have them. At which point your carefully crafted password policy, proof against any but the most massive distributed brute-force attack, becomes vulnerable to the pizza boy who happens to glance at the receptionist's desk while chatting her up on his way through the front lobby.
Re: bad fingers ... no donut. Take 2:
It's not a case of anyone's math skills. Short-term memory length is close to universal across individuals unless there's something noticeably damaged. If someone's short-term memory was less than five, you'd *notice* there was something wrong with them. Not "ditzy". Something wrong.
I believe his wife told him this, but I disbelieve that this woman couldn't remember her best friend's phone number.
Re: bad fingers ... no donut. Take 2:
I know that. But the story very much plays to the horrid, sexist stereotype people have that "women are bad at anything involving numbers." Even if the particular story is true. And many urban legends play to negative stereotypes about various groups. So the story initially smelled like an urban legend to me.
The reason USAn local phone numbers were pegged at seven digits was that AT&T *did* talk to cognitive psychologists, and did research, and found that seven digits was the longest string most people could reliably remember.
As far as someone remembering four versus seven digits, remember that thirty years ago we didn't medicalize difference nearly as much as we do today. Variations in people's personalities, or skill levels at performing tasks such as remembering arbitrary strings of numbers, were just put down to differences between individuals and that was that.
In any event, as long as you practice reasonable security (don't write the PIN down on the card itself, or on a scrap of paper you keep in your wallet, etc.) four-digit PINs don't seem to be all that insecure. Especially since the machine "eats" the card after three incorrect guesses. What worries me more in terms of security are the debit cards that are branded with a Visa or MC logo, since those can be used for purchases just on a signature.