On 31 Dec 2011 at 15:30, Steven Bellovin wrote: > Yes, ideally people would have a separate, strong password, changed > regularly for every site.
This is the very question I was asking: *WHY* "changed regularly? What threat/vulnerability is addressed by regularly changing your password? I know that that's the standard party line [has been for decades and is even written into Virginia's laws!], but AFAICT it doesn't do much of anything other than encourage users to be *LESS* secure with their passwords. /Bernie\ -- Bernie Cosell Fantasy Farm Fibers mailto:[email protected] Pearisburg, VA --> Too many people, too few sheep <-- _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
