Home

Information Security

Advertisements

Related Guides

Information Security

Confidential Information

Cybersecurity Risk

What is the Password Paradox?

John Spacey, updated on November 22, 2016

The password paradox is when an organization's requirements for a strong password leads users to poor security practices such as writing passwords down or reusing passwords. The following are common examples.

Complex Passwords

A password policy that requires long, complex passwords including things such as upper case, lower case, special characters and numbers makes it more likely that users will write passwords down or forget them and need to call customer support. This isn't necessarily bad, as writing a password in one physically secure place may be safer than using a weak password. A trusted password management tool that stores passwords in a strong encrypted format is perhaps helpful.

Password Change Policy

In the past, it was common for systems to require users to change passwords frequently. As this interrupts the flow of a user's task they are more likely to choose a weak password as they are motivated to continue.

Overview: Password Paradox
Type	Information Security
Definition	When a password policy intended to strengthen security ends up encouraging users to write passwords down, reuse passwords or choose weak passwords.
Related Concepts	Strong Password Defensive Computing Information Security

Information Security

This is the complete list of articles we have written about information security.

Confidential Information

Critical Infrastructure

Cryptographic Keys

Cryptographic Salt

Cybersecurity Risk

Defense In Depth

Digital Identity

Failure Of Imagination

Incident Response

Network Security

Non-repudiation

Operations Security

Overlay Network

Password Entropy

Password Fatigue

Secure Code Review

Security As A Service

Security Controls

If you enjoyed this page, please consider bookmarking Simplicable.

Security vs Privacy

The relationship between security and privacy.

Security vs Privacy

Security vs Privacy »

Hardening

An overview of technology hardening.

What is Hardening?

What is Hardening? »

Deep Magic

An overview of deep magic, a technology term.

What is Deep Magic?

What is Deep Magic? »

Defense In Depth

An overview of defense In depth.

What is Defense In Depth?

What is Defense In Depth? »

Encryption Examples

A definition of encryption with examples.

7 Examples of Encryption

7 Examples of Encryption »

Encryption: Asymmetric vs Symmetric »

Encryption vs Hashing »

Canary Trap

A definition of canary trap with an example.

What is a Canary Trap?

What is a Canary Trap? »

Honeypot

A definition of honeypot with examples.

11 Examples of a Honeypot

11 Examples of a Honeypot »

Security Through Obscurity

A definition of security through obscurity with an example.

What is Security Through Obscurity?

What is Security Through Obscurity? »

Tokens

A definition of token with examples.

5 Examples of a Token

5 Examples of a Token »

Backdoor

A definition of backdoor with examples.

5 Examples of a Backdoor

5 Examples of a Backdoor »

Privacy By Design

An overview of privacy by design.

18 Privacy By Design Techniques

18 Privacy By Design Techniques »

What is Data Liberation? »

7 Examples of Encryption »

Expectation Of Privacy

The definition of expectation of privacy.

What Is An Expectation Of Privacy?

What Is An Expectation Of Privacy? »

Personally Identifiable Information

An overview of personally identifiable information.

What is Personally Identifiable Information?

What is Personally Identifiable Information? »

Delete vs Wipe

The difference between deleting data and wiping it.

Delete vs Wipe

Delete vs Wipe »

Data Risks

A definition of data risk with examples.

9 Examples of Data Risks

9 Examples of Data Risks »

What is Data Escrow? »

6 Examples of a Data Owner »

Personal Information

A definition of personal information with examples.

15 Examples of Personal Information

15 Examples of Personal Information »

Data Subject

A definition of data subject with examples.

4 Examples of a Data Subject

4 Examples of a Data Subject »

Machine Readable

The definition of machine readable with examples.

10 Examples of Machine Readable Information

10 Examples of Machine Readable Information »

Delete

The definition of delete with examples.

7 Examples of Delete

7 Examples of Delete »

Privacy Examples

The definition of privacy with examples.

22 Examples of Privacy

22 Examples of Privacy »

Trending

The most popular articles on Simplicable in the past day.

20 Examples of Networks

20 Examples of Networks

A definition of network with examples.

11 Examples of Non-repudiation

11 Examples of Non-repudiation

A definition of non-repudiation with several common examples.

46 Common IT Problems

46 Common IT Problems

A list of common IT problems.

Hard Data vs Soft Data

Hard Data vs Soft Data

The difference between hard data and soft data.

New Articles

Recent posts or updates on Simplicable.

100 Types of Information Technology Services

100 Types of Information Technology Services

The definition of information technology service with examples.

4 Examples of System Architecture

4 Examples of System Architecture

Examples of system architecture diagrams.

SLA vs OLA

The difference between a SLA and a OLA.

What is Session Management?

What is Session Management?

An overview of session management.

Site Map

© 2010-2023 Simplicable. All Rights Reserved. Reproduction of materials found on this site, in any form, without explicit permission is prohibited.

View credits & copyrights or citation information for this page.

Home About Privacy Policy Cookies Terms of Use Contact Us Search

Cookies help us deliver our services. You have choices regarding these cookies. Please visit our privacy policy, cookie policy and consent tool to learn more.

Copyright 2002-2023 Simplicable. All rights reserved. This material may not be published, broadcast, rewritten, redistributed or translated. Report violations here.