Re: Frequency of password changes and security
From: all mail refused (elvis@notatla.demon.co.uk)
Date: 01/29/03
- In reply to: G*rd*n: "Frequency of password changes and security"
From: elvis@notatla.demon.co.uk (all mail refused)
Date: Wed, 29 Jan 2003 18:59:12 +0000 (UTC)
In article <b1957a$s84$1@panix2.panix.com>, G*rd*n wrote:
>Is there any empirical data on the relation of frequency of
>password change to security? Common wisdom derived from
>Google searches seems to be that frequent password change,
>because it deprives attackers of the value of information
>obtained in the past, is a good idea. However, frequent
>password change also means that people are more likely to
>choose easily cracked passwords like common names (because
Fred Cohen (at http://all.net) suggests (and I agree) that rapid password
aging is harmful on balance for the reason you give. I prefer no aging
but would accept 6 months from those who have a taste for it.
Depriving attackers of the value of information obtained in the past is
not as simple as employing password aging for reasons that include other
access methods the attacker may install.
About the only thing I like about password aging is that it periodically
breaks systems using hardcoded passwords.
-- decoy mail addresses: obtain username via 0x4f/tcp or 0x50/tcp