PHWinfo - Afficher un message

13/09/2007, 22h32

all mail refused wrote:
> Whether password expiry is worth having is another matter -
> I think it usually isn't.

It can actually reduce security, since people being forced to change
their password before they can get some work done are increasingly
likely to pick weak passwords and reuse them from other services.

I agree with Bruce Schneier on this issue: Pick strong,random passwords,
allow one paper copy of them, but encourage users to treat the written
down password like a credit card. And don't expire them.

13/09/2007, 22h32	#4
Steven Mocking Messages: n/a Hébergeur:	Re: password about to expire notification all mail refused wrote: > Whether password expiry is worth having is another matter - > I think it usually isn't. It can actually reduce security, since people being forced to change their password before they can get some work done are increasingly likely to pick weak passwords and reuse them from other services. I agree with Bruce Schneier on this issue: Pick strong,random passwords, allow one paper copy of them, but encourage users to treat the written down password like a credit card. And don't expire them.