Tag Archives: crypto

Security’s First Mistake

Earlier last week, the mighty Joshua Kaufman brought my attention to Jakob Nielsen’s latest Alertbox about removing masks from password fields. This sparked some interesting debate, and it got me thinking again about passwords and security in general.

It has often seemed to me that the first mistake people tend to make in applying security is that they think more is more. But to paraphrase Burroughs: without analysis of the threat, security can never be a means to any practical end other than simply more security. A wonderful example of this mistake is in Cory Doctorow’s recent Guardian piece about how he and his wife tied themselves up in knots when they tried to work out what would happen to their encrypted hard drives and network passwords once they died or were incapacitated. The result was almost complete paralysis.