Jim Henderson wrote:
> On Fri, 04 Jul 2008 14:21:48 +0200, scott wrote:
>
>>>> Especially when some stupid system forces you to change it every
>>>> month.
>>> ...and this is bad because...?
>> You try coming up with a different strong password every month, *and*
>> remembering it without writing it down. I doubt I'm the only user of
>> this system who needs to write the password somewhere. I wonder if
>> security would actually be improved by removing the 1 month expiry.
>
> There have been studies done that suggest that changes that are too
> frequent reduce security for just this reason.
>
Do you have a pointer?
Post a reply to this message
|