Q20 - Coming up with secure passwords for confidential

[ohthatpatrick]

Question Type:
Inference

Stimulus Breakdown:
CAUSAL DISTINCTION: people prefer easy to remember passwords, which are easier to guess. Random ones are harder to remember, harder to guess.
CAUSAL: forgetting password uses up your tech person's time.
CAUSAL: random ones are generally written down.
CAUSAL DISTINCTION: written down passwords are the biggest security threat of all.

Answer Anticipation:
With all this information, I'm sensing the tension between the easy to remember password, which would be easier for a hacker to guess but would probably never be written down anywhere, and the hard to remember password, which would be hard to remember, so we would likely either forget it and waste some of our tech person's time or write it down and thus open ourselves up to the biggest security threat. If we're trying to synthesize this info, the question that comes to my mind is, "With all the pros and cons of each method, should we be suggesting that people make easier or harder passwords?" I don't think a definite answer could be drawn, but the info seems to lean towards suggesting easier passwords, since having people make harder ones could causally lead to the greatest security threat of all.

Correct Answer:
C

Answer Choice Analysis:
(A) This is pretty reasonable, since writing the passwords down exposes them to the greatest security threat of all. But this is a MUST BE TRUE question. How would we derive "should" when there were no normative statements in the paragraph?

(B) We can't prove it's expensive. We can support the idea that it may "add to an expense", but even that we couldn't say MUST be true (the system administrator might have plenty of free time and be spending most it playing Fortnite, so bugging them to reset our password isn't going to necessarily change the salary they're getting.)

(C) YES, we should be able to say this, since MOST very difficult passwords ("generally") are written down, and this is the greatest security threat of all.

(D) This would be correct if it said "the least likely to be guessed", but there's more than one way to have a security breach. You might guess the password or you might find where someone wrote the password down. We should be suspicious of this answer to begin with because it would be supported with only one fact (Random configs of letters and numbers are the hardest to guess), and the correct answer to Inference almost always involves pulling together two or more facts.

(E) "The more X, the more Y" is an incredibly extreme relationship. This is saying "for each extra unit of easy password, you get another unit of security for the computer". Answers written in this form will almost always be wrong, because they are claiming such a strong, universal connection between to things.

Takeaway/Pattern: The correct answer did indeed attempt to synthesize the pros vs. cons debate of easy passwords vs. hard ones. If you were "reading this again the way you wish you had", you would have wanted to place special emphasis on the last idea, that "writing down passwords is the greatest security threat of all.

#officialexplanation

[KevinC412]

How is C MUST BE TRUE? Generally, hard to remember passwords are written down, but that doesn't mean always. It has the same problem as A in my opinion.

[JohnnyL721]

How is C MUST BE TRUE? Generally, hard to remember passwords are written down, but that doesn't mean always. It has the same problem as A in my opinion.

It states that passwords that are written down is the GREATEST security threat of them all, which has to mean that any other type of security threat (passwords easy to guess) is less of a threat.