Password Entropy and Usability Forcing users to only use randomly generated password is bad The Weakest Link security principle applies Often times, guessing passwords is not the weakest link One can use various ways to reduce adversarys abilities to test password guesses Forgotten password The recovering method either has low security, or costs lots of money It creates a weaker link 41Password Entropy and Usability • Forcing users to only use randomly generated password is bad • The “Weakest Link” security principle applies: • Often times, guessing passwords is not the weakest link • One can use various ways to reduce adversary’s abilities to test password guesses • Forgotten password: • The recovering method either has low security, or costs lots of money • It creates a weaker link. Topic 3: User Authentication 412/3/2021