An IT Security consultant has made three primary recommendations regarding passwords:
1. Prohibit guessable passwords
o such as common names, real words, numbers only
o require special characters and a mix of caps, lower case and numbers in passwords
Reauthenticate before changing passwords
• user must enter old pw before creating new one
Make authenticators unforgeable
• do not allow email or user ID as password
Using WORD, write a brief paper of 200-300 words explaining each of these security recommendations. Do you agree or disagree with these recommendations. Would you change, add or delete any of these? Add additional criteria as you see necesarry.