To: Swordmaker
for example, requiring people to change passwords too frequently merely forces them to write the new passwords down in some convenient place—always close to their computer and easily found, usually on a sticky note somewhere near their computer monitor, or even on the bottom of their keyboard, or taped to the pull out writing extension of their desk, with a list of previous passwords with lines through them—instead of memorizing them. I've seen this too many times. That's security? No, that's the other end of the spectrum from not changing them at all. Anybody who thinks enforcing password policies for minimum password length and complexity, and requiring them to be change periodically is "worthless busy work that gains no added security" doesn't have any business advising anyone on enterprise IT security.
To: tacticalogic
No, that's the other end of the spectrum from not changing them at all. What part of the phrase: ". . . too frequently. . . " do you fail to comprehend?
33 posted on
08/25/2015 12:35:17 PM PDT by
Swordmaker
( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)
To: tacticalogic
Can you give me a good reason why my almost 30 year old password is no good anymore? The only one I can think of is someone gets ahold of discarded unix hard drives that had weak hashes back then. Even if they get the password it won’t do much good in a rainbow table nowadays since almost every hash is salted. I would argue that with the maturity of such techniques the need for changing passwords is basically gone.
40 posted on
08/25/2015 6:48:50 PM PDT by
palmer
(Net "neutrality" = Obama turning the internet into FlixNet)
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson