> On Feb 2, 2015, at 5:10 PM, Les Mikesell <lesmikesell at gmail.com> wrote: > > should a software > vendor make their code stop working for you because they think you > aren't working hard enough? When the consequence of widespread bad security is botnets and all the ills that derive therefrom — DDoS armies, spam, etc. — then yes, I think we do need to raise the industry’s overall level of security. At risk of bringing out some *actual* Internet nutters, the question of minimum password security levels is directly analogous to that of vaccination. When a large population stops vaccinating, we start seeing previously-defeated diseases coming back, like the measles outbreaks in California and rural Australia: http://goo.gl/7caiui http://goo.gl/8lT8Pd Polio was almost completely eradicated, but it’s starting to come back in the middle east after the CIA used a fake vaccination campaign as a pretext to try to get into bin Laden’s Pakistan compound: http://goo.gl/KbbMUC http://goo.gl/C2B5EE I believe personal freedom should count quite highly in policy discussions. But, when your failure to protect yourself endangers me, it stops being a question of personal freedom. Practice safe hex!