[cryptography] Password non-similarity?

Bernie Cosell bernie at fantasyfarm.com
Sat Dec 31 16:36:00 EST 2011

On 31 Dec 2011 at 15:30, Steven Bellovin wrote:

> Yes, ideally people would have a separate, strong password, changed
> regularly for every site.

This is the very question I was asking: *WHY* "changed regularly?  What 
threat/vulnerability is addressed by regularly changing your password?  I 
know that that's the standard party line [has been for decades and is 
even written into Virginia's laws!], but AFAICT it doesn't do much of 
anything other than encourage users to be *LESS* secure with their 


Bernie Cosell                     Fantasy Farm Fibers
mailto:bernie at fantasyfarm.com     Pearisburg, VA
    -->  Too many people, too few sheep  <--       

More information about the cryptography mailing list