Re: Passwords for bank sites - change or not?



Sheik Yurbhuti <anon@xxxxxxxxxxxxxxx> writes:
> Reasonable password management isn't impractical. Requiring a password
> change every 6 months isn't unreasonable. It's a marvelous policy, and
> no normal person should have any problem relearning a sufficiently
> strong password twice a year, or using a suitable method of storage and
> retrieval.
>
> You're trying to prop up an argument that flies in the face of every
> shred of common sense, and the advice of every knowledgeable security
> professional that ever lived. I seriously doubt you're going to get
> very far, but if you must you must I suppose. :(

the problem with passwords now starts to crop up when you have 100 or
more different passwords. post in a similar thread
http://www.garlic.com/~lynn/2006j.html#28 Password Complexity

the shared-secret based authentication paradigm requires a unique password
for every unique security domain ... as a countermeasure to cross-domain
replay/impersonation attacks. lots of past posts about shared-secret
based authentication
http://www.garlic.com/~lynn/subpubkey.html#secret

references to an old april 1st, password corporate directive from
1984
http://www.garlic.com/~lynn/2001d.html#52 A beautiful morning in ARM


--
Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
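
The cross-domain replay point in the post above, as an added example that is not part of the original message: each simulated security domain stores only a salted hash, yet still receives the password itself at login, so a secret reused at another domain is accepted there. The `Domain` class, `replay_exposure` function, user name and sample passwords are all constructed for illustration.

```python
import hashlib
import hmac
import os


class Domain:
    """One security domain using shared-secret (password) authentication."""

    def __init__(self, name):
        self.name = name
        self._users = {}  # user -> (salt, derived key); no plaintext at rest
        self.seen = {}    # user -> secret as presented at login time

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user, password):
        salt = os.urandom(16)
        self._users[user] = (salt, self._derive(password, salt))

    def login(self, user, password):
        # The verifier must receive the secret itself in order to check it.
        self.seen[user] = password
        if user not in self._users:
            return False
        salt, key = self._users[user]
        return hmac.compare_digest(key, self._derive(password, salt))


def replay_exposure(user, passwords):
    """Map each domain to the other domains that accept what it saw at login.

    passwords: {domain name: password chosen there} (constructed input).
    """
    domains = {name: Domain(name) for name in passwords}
    captured = {}
    for name, pw in passwords.items():
        domains[name].register(user, pw)
        domains[name].login(user, pw)             # ordinary login
        captured[name] = domains[name].seen[user]  # what that domain now knows
    return {a: sorted(b for b in domains
                      if b != a and domains[b].login(user, captured[a]))
            for a in domains}


# Constructed sample: one password reused at two domains, one unique.
SAMPLE = {"bank": "tr0ub4dor&3", "forum": "tr0ub4dor&3", "mail": "correct horse"}
if __name__ == "__main__":
    print(replay_exposure("alice", SAMPLE))
```

An empty list for every domain is the property the post describes: no domain's knowledge of the secret is usable anywhere else.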