>This is the very question I was asking: *WHY* "changed regularly"? What
>threat/vulnerability is addressed by regularly changing your password?
I finally realized, that's so when the organization gets pwn3d, you won't have used the stolen passwords anywhere else. Or maybe they imagine that if your password is stolen somewhere else, you won't have changed all the passwords at the same time.

There's also the backup tape that fell off a truck issue, but it's a pretty lame organization who decides to push that risk onto the million users rather than the three IT guys who should be managing the database and backup passwords and related security. (We assume, for the purposes of argument, that there are still backup tapes in use somewhere.)

The incentives of the people setting the rules are often not aligned with the interests of the users.

R's,
John

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
