Frequency of password changes and security

• Previous message: Ian Gregory: "Re: A "send email" utility?"
• Next in thread: all mail refused: "Re: Frequency of password changes and security"
• Reply: all mail refused: "Re: Frequency of password changes and security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: gcf@panix.com (G*rd*n)
Date: 29 Jan 2003 13:06:34 -0500

Is there any empirical data on the relation of frequency of
password change to security? Common wisdom derived from
Google searches seems to be that frequent password change,
because it deprives attackers of the value of information
obtained in the past, is a good idea. However, frequent
password change also means that people are more likely to
choose easily cracked passwords like common names (because
of the difficulty of memorizing numerous passwords), and to
display and pass them around in the clear (as by writing
them down on a postit and sticking it to one's computer
monitor). It does not seem like an open-and-shut case to
me at all. And in an hour's of looking through web sites
and old news articles, I haven't come across an actual test
of the theory, or any other empirical backing.

The sort of thing I am talking about is traditional Unix-
style login passwords in an environment where one cannot
confidently assume that the incoming calls are restricted to
a known set of users (e.g. the people at a certain company,
etc.)

-- 
                (<><>)         /*/
       }"{   G*rd*n   }"{   gcf@panix.com   }"{ 
{ http://www.etaoin.com | latest new material 1/19/03 <-adv't 

• Next message: all mail refused: "Re: Frequency of password changes and security"
• Previous message: Ian Gregory: "Re: A "send email" utility?"
• Next in thread: all mail refused: "Re: Frequency of password changes and security"
• Reply: all mail refused: "Re: Frequency of password changes and security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]