On Feb 2, 2015, at 5:10 PM, Les Mikesell lesmikesell@gmail.com wrote:
should a software vendor make their code stop working for you because they think you aren't working hard enough?
When the consequence of widespread bad security is botnets and all the ills that derive therefrom — DDoS armies, spam, etc. — then yes, I think we do need to raise the industry’s overall level of security.
At risk of bringing out some *actual* Internet nutters, the question of minimum password security levels is directly analogous to that of vaccination. When a large population stops vaccinating, we start seeing previously-defeated diseases coming back, like the measles outbreaks in California and rural Australia:
http://goo.gl/7caiui http://goo.gl/8lT8Pd
Polio was almost completely eradicated, but it’s starting to come back in the middle east after the CIA used a fake vaccination campaign as a pretext to try to get into bin Laden’s Pakistan compound:
http://goo.gl/KbbMUC http://goo.gl/C2B5EE
I believe personal freedom should count quite highly in policy discussions. But, when your failure to protect yourself endangers me, it stops being a question of personal freedom.
Practice safe hex!