This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

College/University Sales

stevenc317
stevenc317 Members
edited December 1969 in Lounge
Have you guys thought about working with College/Universities to give them site licenses for their staff & students to use 1Password both on Mac & PC. The reason why I mention this is my school (and I know it isn't unique) is 'obsessed' with security, forcing the students to change their passwords every 60 days (even when this has been proven to be more insecure). Additionally I know that many campuses provide students with a copy of Norton AV (or McAfee, etc) to 'protect' them from viruses.



Maybe you guys could talk to some universities and get some nice contracts with them. You could explain how using 1Password (w/dropbox) is the most secure way to generate hard-to-guess passwords and store them safely.



Just a thought.

Comments

  • Nik
    Nik
    edited December 1969
    Thanks for the suggestion, Steven!
  • Ben
    Ben AWS Team
    edited December 1969
    RIT may be interested in this as well.

    [url]http://www.facebook.com/RITInfosec?ref=ts[/url]
  • 1Jeff
    1Jeff Members
    edited December 1969
    I love this idea. I wish 1Password was everywhere, but quality over "get-it-out-the-door-now" mentality. That brings me to my point, I don't think Agile should do this until the Windows version of 1Password is in production. Figures are showing Macs to be the most popular laptop on the college campus (at least in America). The problem is, I see many more laptops running Windows unless I'm in the Mac Media Lab or near one of the arts classes. My university has a Mac lab, but the system of choice is Windows based PCs. I think it would be a better move to put an idea like this on the back burner to simmer until 1P for Windows is at production status. I think that's exactly what the Agile staffers would do anyways. Just my two cents.
  • stevenc317
    stevenc317 Members
    edited December 1969
    Jeff,



    I agree, while I use my MacBook Pro for most of my assignments, my law school requires us to use a proprietary application (logs all copy & paste, etc) for all of our reports and it is Windows only.
  • forumboy
    forumboy Junior Member
    just curious if you have a link to a study showing it's more insecure to change passwords every 2 months, or know why that is the case?



    [quote name='stevenc317' timestamp='1279825980' post='7087']

    my school (and I know it isn't unique) is 'obsessed' with security, forcing the students to change their passwords every 60 days (even when this has been proven to be more insecure).

    [/quote]
  • khad
    khad Social Choreographer
    [quote name='forumboy' timestamp='1281578105' post='8324']

    just curious if you have a link to a study showing it's more insecure to change passwords every 2 months, or know why that is the case?

    [/quote]



    I don't know that I would say it is LESS secure, but it certainly isn't worth the effort. The short version is that by the time you change your password, an attacker would have already used it. They don't wait weeks or months to use them. They use them immediately.



    Perhaps this will shed some light:



    http://research.microsoft.com/en-us/um/people/cormac/papers/2009/SoLongAndNoThanks.pdf



    Microsoft researcher Cormac Herley shows the true economics of burdening users with complex password policies:



    [quote]In addition to overestimating benefits, advice almost always ignores the cost of user effort. The incremental cost of forcing users to choose an 8-character strong password, as opposed to allowing a 6-digit PIN, is hard to measure, but is certainly not zero. And ignoring it leads to a failure to understand the rational and predictable nature of user response.[/quote]



    Skip to the conclusion if you are pressed for time. See also, my thoughts on password policies in [url="http://forum.agile.ws/index.php?/topic/1774-suggestions-how-secure-is-my-password/"]this other thread[/url]. Short version of that is: around 12 characters, all lowercase, no dictionary words.



    I hope that helps (though it is a bit off topic). Cheers!

Leave a Comment

Rich Text Editor. To edit a paragraph's style, hit tab to get to the paragraph menu. From there you will be able to pick one style. Nothing defaults to paragraph. An inline formatting menu will show up when you select text. Hit tab to get into that menu. Some elements, such as rich link embeds, images, loading indicators, and error messages may get inserted into the editor. You may navigate to these using the arrow keys inside of the editor and delete them with the delete or backspace key.