>> You can't force people to invent and memorize an endless stream of
>> unrelated strong passwords.
>
>I'm not sure I agree with this phrasing. It is easy to memorize a strong
>password -- it just has to be long enough.

Don't forget "endless stream of unrelated". I have some strong passwords for the accounts that matter, but I don't have to start over every month.

>So what problem _is_ being addressed by requiring passwords to be changed
>so often [and so inconveniently]?

Compliance with standards written by people who created the standard by copying standards they saw other places. I suspect a lot of them still trace back to attacks on /etc/passwd on PDP-11 Unix.

Regards,
John Levine, [email protected], Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
