Orchid XP v8 <voi### [at] devnull> wrote:
> Myself I'd probably just follow the Keep It Simple principle; no minimum
> password age at all. As I say, very few people are smart enough to
> realise that the system can be abused this way. Heck, most people just
> /assume/ that the system keeps all passwords forever. They don't know
> that 12 is our magic number.
Security by non-disclosure isn't a good strategy either. It would be
like arguing "nobody is going to hack our password database if we don't
tell anybody in which directory it's located".
(Yes, I know this is not a question of hacking or the users being
malicious and potentially causing mayhem. However, I see no reason to
not prevent even "innocent" abuse of the system.)
--
- Warp