- Uppercase, lowercase and number requirements: “Password1” is no more secure than “password”, as that’s what this policy results in most users doing.
- Your password is too long: No, your field length is too small.
- Your password has expired and must be changed: Making me change my password makes me forget my password, makes me reset my password, and creates an unnecessary weak point.
- Your password is too similar to your previous one: How do you know? Oh, that’s right: you use my password unencrypted, so it is known throughout your system, which creates opportunities for others to steal it. Hash it when I first give it to you and compare the hash when I assert it in future.
- Here’s an email with your password: Just no.
- Here’s an email with a link to change/recover your password: See above.
- Sorry we don’t support 2nd Factor authentication: Use a federated service that does.
- Sorry we don’t support keychain / password management services: Get better developers who know how to integrate them.
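
As an added example (not code from the original post), here is a sketch of the "hash it and compare the hash" approach from the similarity point above. It stores only a salt and digest, so exact reuse can be detected but near-matches such as "Password1" and "Password2" cannot, and password length never needs a cap. The function names and the PBKDF2 work factor are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; tune it to your own hardware.
ITERATIONS = 200_000


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, digest). These two values are all the system stores."""
    salt = salt or os.urandom(16)  # fresh random salt for every new password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS
    )
    return salt, digest


def verify_password(candidate: str, salt: bytes, digest: bytes) -> bool:
    """Re-hash the asserted password with the stored salt, compare in constant time."""
    _, recomputed = hash_password(candidate, salt)
    return hmac.compare_digest(recomputed, digest)


def is_reused(candidate: str, history: list) -> bool:
    """Exact reuse is the only history check that stored hashes allow."""
    return any(verify_password(candidate, s, d) for s, d in history)


def matching_bytes(a: bytes, b: bytes) -> int:
    """Count positions where two digests agree (about 1 in 256 by chance)."""
    return sum(x == y for x, y in zip(a, b))


if __name__ == "__main__":
    # Constructed sample passwords, taken from the post's own example.
    salt, digest = hash_password("Password1")
    history = [(salt, digest)]
    print("login with Password1:", verify_password("Password1", salt, digest))
    print("Password1 reused:", is_reused("Password1", history))
    print("Password2 reused:", is_reused("Password2", history))
    # Same salt, one character changed: the digests share nothing useful,
    # so "too similar" cannot be computed from what is stored.
    _, near = hash_password("Password2", salt)
    print("matching digest bytes:", matching_bytes(digest, near), "of 32")
    # Output size is fixed regardless of input, so long passphrases fit.
    _, long_digest = hash_password("correct horse battery staple " * 10)
    print("digest length for 290-char passphrase:", len(long_digest))
```
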
Bryn Robinson-Morgan is an independent Business Consultant with interests in Identity Assurance, Agile Organisational Design and Customer Centric Architecture. Bryn has nearly 20 years' experience working with some of the United Kingdom's leading brands and largest organisations.
Follow Bryn on Twitter: @No1_BA
Connect with Bryn on LinkedIn: Bryn Robinson-Morgan