On Dec 31, 2011, at 4:36 00PM, Bernie Cosell wrote: > On 31 Dec 2011 at 15:30, Steven Bellovin wrote: > >> Yes, ideally people would have a separate, strong password, changed >> regularly for every site. > > This is the very question I was asking: *WHY* "changed regularly? What > threat/vulnerability is addressed by regularly changing your password? I > know that that's the standard party line [has been for decades and is > even written into Virginia's laws!], but AFAICT it doesn't do much of > anything other than encourage users to be *LESS* secure with their > passwords.
The standard rationale is that for any given time interval, there's a non-zero probability that a given password has been compromised. At some point, the probability is high enough that it's a real risk. By changing passwords frequently enough, you never reach that point. The reference I posted previously (http://csrc.nist.gov/publications/secpubs//rainbow/std002.txt) makes this very explicit, complete with equations; see Appendix F. --Steve Bellovin, https://www.cs.columbia.edu/~smb _______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
