An IT Security consultant has made three primary recommendations regarding passwords:
- Prohibit guessable passwords
  - such as common names, real words, numbers only
  - require special characters and a mix of caps, lower case, and numbers in passwords
- Reauthenticate before changing passwords
  - user must enter old password before creating a new one
- Make authenticators unforgeable
  - do not allow email or user ID as a password
Using Word, write a brief paper of 200-300 words explaining each of these security recommendations, along with 2 references. Do you agree or disagree with these recommendations? Would you change, add, or delete any of these? Add additional criteria as you see necessary.
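The three recommendations listed above can be enforced together at password-change time. The sketch below is an added illustration, not part of the original assignment; the word list, the record layout, the function names and the PBKDF2 parameters are all assumptions.

```python
import hashlib
import hmac
import os
import re

# Constructed sample of guessable words; a real deployment would load a large
# list of common names, dictionary words and breached passwords.
COMMON_WORDS = {"password", "welcome", "michael", "jennifer", "dragon", "summer"}

def hash_password(password, salt=None):
    """Return (salt, PBKDF2-HMAC-SHA256 digest) so no password is stored in clear text."""
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def policy_violations(password, user_id, email):
    """List every recommendation the candidate breaks (empty list = acceptable)."""
    problems = []
    lowered = password.lower()
    if password.isdigit():
        problems.append("numbers only")
    # Strip digits and symbols so 'Michael1!' is still recognised as a common name.
    if re.sub(r"[^a-z]", "", lowered) in COMMON_WORDS:
        problems.append("common name or real word")
    classes = [r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]"]
    if not all(re.search(c, password) for c in classes):
        problems.append("needs caps, lower case, numbers and a special character")
    local_part = email.lower().split("@")[0]
    if lowered in {user_id.lower(), email.lower(), local_part}:
        problems.append("same as user ID or email")
    return problems

def change_password(record, old_password, new_password):
    """Reauthenticate with the old password, then apply the policy to the new one."""
    _, candidate = hash_password(old_password, record["salt"])
    if not hmac.compare_digest(candidate, record["hash"]):  # constant-time compare
        return ["old password incorrect"]
    problems = policy_violations(new_password, record["user_id"], record["email"])
    if not problems:
        record["salt"], record["hash"] = hash_password(new_password)
    return problems
```
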