[cryptography] Password non-similarity?
bernie at fantasyfarm.com
Sat Dec 31 16:36:00 EST 2011
On 31 Dec 2011 at 15:30, Steven Bellovin wrote:
> Yes, ideally people would have a separate, strong password, changed
> regularly for every site.
This is the very question I was asking: *WHY* "changed regularly? What
threat/vulnerability is addressed by regularly changing your password? I
know that that's the standard party line [has been for decades and is
even written into Virginia's laws!], but AFAICT it doesn't do much of
anything other than encourage users to be *LESS* secure with their
Bernie Cosell Fantasy Farm Fibers
mailto:bernie at fantasyfarm.com Pearisburg, VA
--> Too many people, too few sheep <--
More information about the cryptography