On 7 August 2014 12:04, Brian Wolff <[email protected]> wrote:

> > Oh I have no problem with regular forced password changes, say quarterly or
> > so; I'm used to that in other contexts. But not a one-time password, which
> > will actually increase risk because people will choose "keep me logged in"
> > to avoid having to get a new password every time they want to log in.
>
> I believe there's some research to suggest that quarterly password
> changes decrease overall security. I personally would not like having
> to do that.
>
> > These tend also to be solutions coming from moneyed countries, and some of
> > these things involve technology that is not globally available.
>
> I'm not sure what you mean by that.

A lot of the "solutions" normally bandied about involve things like two-factor identification, which has the "additional" password coming through a separate route (e.g., gmail two-factor ID sends a second password as a text to a mobile) and means having more expensive technology, or using technology like dongles that cannot be sent to users in certain countries.

I stick to my strong passwords and also subscribe to the xkcd password theory.[1]

Risker/Anne

[1] https://www.xkpasswd.net/c/index.cgi
