What I've been saying for years ....
From the O'Reilly Security Newsletter:
https://venturebeat.com/2017/04/18/new-password-guidelines-say-everything-we-thought-about-passwords-is-wrong/
1. Forcing people to frequently change passwords is not helpful. It
just makes it more likely that they will stick the password on a
Post-it on their monitors because they can't remember it.
2. Imposed password complexity does not help either (As I keep
telling people, the only way that a user can make his/her password
harder to "guess" in the modern age is to make it longer. It is just
as easy for a brute-force botnet application to "guess" "#51aQ4@5)?" as
it is to guess "YourMomma!")
Maybe I should start my own security newsletter....
Ken Dibble
www.stic-cil.org