https://bugzilla.wikimedia.org/show_bug.cgi?id=61101

--- Comment #11 from Andreas F. Borchert <wikipe...@andreas-borchert.de> ---
I am not convinced that security is improved by setting
PasswordMaxValidTimeInDays to low values as suggested, i.e. 180 days.
Frequently enforced password changes force people to write their passwords
down, to use passwords that can be more easily memorized, and/or to use some
schemes that help them to remember changed passwords (e.g. changing just the
last character of a password). All this weakens security. Here is a good essay
by Gene Spafford regarding changing passwords:

http://www.cerias.purdue.edu/site/blog/post/password-change-myths/
