Need help with password aging
Stephen J. Friedl
friedl at vsi.COM
Sat Mar 18 14:25:09 AEST 1989
In article <9059 at alice.UUCP>, ark at alice.UUCP (Andrew Koenig) writes:
> It is far from clear to me that password aging accomplishes much.
> Its usual effect is to cause people to toggle between two similar
> passwords. I don't believe for an instant that such toggling
> will make passwords any harder to guess, break, or acquire.
Password aging makes it *much* easier to guess passwords. Not only
do people tend to toggle between a two passwords, they toggle between
two *bad* passwords because the timing is so terrible.
There you are, sitting at your terminal, thinking about getting
something done today. You enter your current password and SLAP,
you can't do *anything* until you think of a password RIGHT NOW.
This rude awakening is not conducive to picking a good password.
Steve
--
Stephen J. Friedl / V-Systems, Inc. / Santa Ana, CA / +1 714 545 6442
3B2-kind-of-guy / friedl at vsi.com / {attmail, uunet, etc}!vsi!friedl
"I think, therefore I'm a yam." - me
More information about the Comp.unix.questions
mailing list