Re: password about to expire notification

all mail refused wrote:
Whether password expiry is worth having is another matter -
I think it usually isn't.

It can actually reduce security, since people being forced to change
their password before they can get some work done are increasingly
likely to pick weak passwords and reuse them from other services.

I agree with Bruce Schneier on this issue: Pick strong,random passwords,
allow one paper copy of them, but encourage users to treat the written
down password like a credit card. And don't expire them.
.

Relevant Pages

  • Easy Money
    ... PINs and security codes were offered ... British bank details A fraudster offering to sell 30,000 British credit card ... Protection Act. ... addional powers that he says are needed to prevent breaches of data ...
    (uk.legal)
  • Re: Illegal to do research on cryptography?
    ... >>Um that's risk management not security. ... >>system is high because the cost of attack is low. ... > ...By now it should be obvious that hackers don't steal credit card ... Many smaller e-commerce sites don't use SSL to protect their ...
    (sci.crypt)
  • Re: Thou shalt have no other gods before the ANSI C standard
    ... >>care about security. ... In engineering we try to minimize the failure rate. ... The technique involves creating a sequence of derivative credit card ...
    (sci.crypt)
  • Re: Pentester convicted..
    ... the owner didn't want me to have it but I brought it back to ... It's more like you find their wallet, see the credit card ... Concerned about Web Application Security? ... Download FREE whitepaper on how a managed service can ...
    (Pen-Test)
  • Re: Security Advice Wanted!
    ... Call credit card companies and cancel the accounts. ... Call friends and apologize. ... > You have a serious security problem. ... After another reboot for installing more security tools you get ...
    (microsoft.public.security)