On Fri, 04 Jul 2008 22:07:48 +0200, andrel wrote:
> Jim Henderson wrote:
>> On Fri, 04 Jul 2008 14:21:48 +0200, scott wrote:
>>
>>>>> Especially when some stupid system forces you to change it every
>>>>> month.
>>>> ...and this is bad because...?
>>> You try coming up with a different strong password every month, *and*
>>> remembering it without writing it down. I doubt I'm the only user of
>>> this system who needs to write the password somewhere. I wonder if
>>> security would actually be improved by removing the 1 month expiry.
>>
>> There have been studies done that suggest that changes that are too
>> frequent reduce security for just this reason.
>>
> Do you have a pointer?
Let me see if I can find it.... The study I recall was from about 6 years
ago.
http://www.rsa.com/blog/blog_entry.aspx?id=1286 is a more recent blog
entry on the topic; it's not the study I was thinking of (since it's
dated this year), but it explains the essence of what I recall from the
study in question.
Jim