Password expiration is still valid but for a completely different reason. Each person has passwords all over the internet (bank, credit cards, various websites, IBM, ...). The average person never changes most passwords. With password expiration, it's likely that the password will only match those never-changing passwords. If companies were willing to spend the money, then they would implement Securid (or a competitor) to provide machine generated passwords.
Jon Perryman > On Saturday, May 24, 2014 11:41 AM, John Gilmore <[email protected]> wrote: > > As readers of my posts on related topics will already know, my view is > that password-expiration schemes are one more example, among too many > others [like DES and AES], of all but useless schemes that are imposed > on user communities by security organizations that 1) are anxious to > be seen to be doing something and 2) are not themselves competent to > make technical judgments about the usefulness of their impositions. > > John Gilmore, Ashland, MA 01721 - USA ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
