John H. Robinson, IV wrote:
Michael O'Keefe wrote:
I've never understood password aging.
If your system is so fragile that it cannot withstand users keeping their passwords indefinitely, I'd be looking at the system's fragility, not password rotation.

It is not about system fragility, it has to do with people re-using
passwords. Most people will pick one, maybe two, passwords and use them
everywhere. For their work systems, for their home systems, for gmail,
for web forum, e-bay, amazon, *everything*.

It takes one slip up for that password to become exposed. It has nothing
to do with the security of the system, but the fragility of the users.
Your only defense is to ensure that an exposed password has only a
limited window of opportunity. This is done by making users reset their
passwords every so often.

What does it matter?
That user is exposed, nobody else is.

--
Michael O'Keefe                      |          [EMAIL PROTECTED]
Live on and Ride an 06 BMW R12GS HP2 |          [EMAIL PROTECTED]      / |
I like less more or less less than   |Work:+1 858 845 3514        /  |
more. UNIX-live it,love it,fork() it |Fax :+1 858 845 2652       /_p_|
My views are MINE ALONE, blah, blah, |Home:+1 760 788 1296       \`O'|
blah, yackety yack - don't come back |Fax :+1 858                _/_\|_,


--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list