[cryptography] Password non-similarity?
johnl at iecc.com
Sat Dec 31 12:32:06 EST 2011
>> You can't force people to invent and memorize an endless stream of
>> unrelated strong passwords.

>I'm not sure I agree with this phrasing. It is easy to memorize a strong
>password -- it just has to be long enough.

Don't forget "endless stream of unrelated". I have some strong
passwords for the accounts that matter, but I don't have to start over

>So what problem _is_ being addressed by requiring passwords to be changed
>so often [and so inconveniently]?

Compliance with standards written by people who created the standard
by copying standards they saw other places. I suspect a lot of them
still trace back to attacks on /etc/passwd on PDP-11 Unix.
John Levine, johnl at iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly