In 250 words
An IT Security consultant has made three primary recommendations regarding passwords:
- Prohibit guessable passwords
  - such as common names, real words, numbers only
  - require special characters and a mix of caps, lower case and numbers in passwords
- Reauthenticate before changing passwords
  - user must enter old password before creating new one
- Make authenticators unforgeable
  - do not allow email or user ID as password

Explain each of these security recommendations. Do you agree or disagree with these recommendations? Would you change, add or delete any of these? Add additional criteria as you see necessary.