The CMU-Q Community Partner Lecture Series features discussions by CMU-Q faculty members on pressing topics in business and leadership. This semester, Ryan Riley, associate teaching professor, computer science at CMU-Q will be discussing password policies.
About the lecture:
Most password policy recommendations, such as rules for complexity or frequency of password changes, were designed in a western, English-speaking environment more than 15 years ago. In many cases, these policies were formed based on research on how English-speaking users create passwords and how their accounts are ultimately compromised. This can result in two major issues for password policies enforced by organizations in Qatar today:
1) The policies may be out of date and based on old threat models.
2) The policies do not consider that most employees of the organization are not from a western, English-speaking context.
In this lecture, we will discuss how someone’s cultural and linguistic background impacts how they choose passwords, as well as how organizations can use this information to create better password policies. We will also discuss the most common reasons that user accounts are compromised today, and how that information should impact policies as well.