Please do not change your password You were right: It's a waste of your time. A study says much computer security advice is not worth following.
By Mark Pothier | April 11, 2010
To continue reading this story, enter your password now. If you do not have a password, please create one. It must contain a minimum of eight characters, including upper- and lower-case letters and one number. This is for your own good.
Nonsense, of course, but it helps illustrate a point: You will need a computer password today, maybe a half dozen or more - those secret sign-ins that serve as sentries for everything from Amazon shopping carts to work files to online bank accounts. Just when you have them all sorted out, along comes another "urgent" directive from the bank or IT department - time to reset those codes, for safety's sake. And the latest lineup of log-ins you've concocted won't last for long, either. Some might temporarily stay in your head, others are jotted on scraps of paper and stuffed in a wallet. A few might be taped to your computer monitor in plain view (or are those are from last year's batch? Who can remember?).
Now, a study has concluded what lots of us have long suspected: Many of these irritating security measures are a waste of time. The study, by a top researcher at Microsoft, found that instructions intended to spare us from costly computer attacks often exact a much steeper price in the form of user effort and time expended.