Need help with password aging
Joe Niederberger
jgn at nvuxr.UUCP
Wed Mar 22 00:32:21 AEST 1989
In article <9059 at alice.UUCP> ark at alice.UUCP (Andrew Koenig) writes:
>In article <179 at camdev.UUCP>, sscott at camdev.UUCP (Steve Scott) writes:
>
>> As a major security overhaul within my company, the issue of password aging
>> has raised its head. So, I am in need of advice on how to implement such.
>
>It is far from clear to me that password aging accomplishes much.
>Its usual effect is to cause people to toggle between two similar
>passwords. I don't believe for an instant that such toggling
>will make passwords any harder to guess, break, or acquire.
>
It seems to me that the next logical step would be to force the user
to invent totally new passwords (relative to his/herself of course)
at each password change. But then, wouldn't the effect be to
exacerbate the existing tendency of users to choose easily remembered
passwords, which themselves present a security risk ? Does anybody
have any statistical evidence that forcing password changes actually
enhances security ?
x
x
x
x
x
x
x
x
x
x
x
x
x
x
Joe Niederberger
More information about the Comp.unix.questions
mailing list