[cryptography] Password non-similarity?

dan at geer.org dan at geer.org
Tue Jan 3 20:07:06 EST 2012


 > So I would conjecture, at least in cases like this where users only
 > login infrequently, that the password change policy every N days
 > be done away with, or at the very least, we make N something
 > reasonably long, like 365 or more days.

Kevin, are you suggesting a "50 uses and change it" rule?

--dan




More information about the cryptography mailing list