3. Remind users to change their password every 6 months.
4. Provide 2-step verification.
“Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it’s possible that none of this would have happened.”
- Mat Honan, WIRED
“The very four digits that Amazon considers unimportant enough to display in the clear on the web are precisely the same ones that Apple considers secure enough to perform identity verification.”
- Mat Honan, WIRED
Digits
Google Security Key
5. Incentivize good security habits.
6. Advise users to create long strings, not random strings.
http://xkcd.com/936/
7. Show requirements all the time.
8. Show password characters.
“If people attempt to recover a password while checking out on an e-commerce site, 75% won’t complete their purchase.”
– Jared Spool
“Masking passwords doesn't even increase security, but it does cost you business due to login failures.”