QOTD on Passwords & Lemons

Because ordinary users are unlikely to spot the difference between high and low-quality password implementations, password security in websites can be modelled as a lemons market. In applying this model, insecure sites can beat secure sites in the market with lower deployment costs if password security offers no advantage in gaining users.

Src: The password thicket: technical and market failures in human authentication on the web, Ninth Workshop on the Economics of Information Security (WEIS 2010), 7-8 June 2010, Harvard / USA, 2010.

No comments: