On 31 Dec 2011 at 16:59, Steven Bellovin wrote:

> On Dec 31, 2011, at 4:36 00PM, Bernie Cosell wrote:
>
> > On 31 Dec 2011 at 15:30, Steven Bellovin wrote:
> >
> >> Yes, ideally people would have a separate, strong password, changed
> >> regularly for every site.
> >
> > This is the very question I was asking: *WHY* "changed regularly? What
> > threat/vulnerability is addressed by regularly changing your password? I
> > know that that's the standard party line [has been for decades and is
> > even written into Virginia's laws!], but AFAICT it doesn't do much of
> > anything other than encourage users to be *LESS* secure with their
> > passwords.
>
> The standard rationale is that for any given time interval, there's a
> non-zero probability that a given password has been compromised.

Just so! But of course But the what I'm asking is whether that's all
basically just apocryphal [and perhaps it's past time to push back on that
"knee jerk" policy].

  /Bernie\

--
Bernie Cosell                     Fantasy Farm Fibers
mailto:[email protected]           Pearisburg, VA
    -->  Too many people, too few sheep  <--

_______________________________________________
cryptography mailing list
[email protected]
http://lists.randombit.net/mailman/listinfo/cryptography
