[clug] [OT] all text passwords == secure?

Sam Couter sam at couter.id.au
Sun Aug 26 01:17:47 MDT 2012


> On 26/08/12 12:51, steve jenkin wrote:
> > I've never seen anything documented that demonstrates "frequently
> > changing your password" is useful.

Scott Ferguson <scott.ferguson.clug at gmail.com> wrote:
> IBM still do that - I think it's a good policy, it helps limit how long
> people can have unauthorised access. But as you point out, human
> laziness weakens it. PEBKAC is always a problem.

Humans are an essential part of the security process. If you're not
taking them into consideration then you have failed.

If your password policies make passwords hard to remember for the humans
who have to use them, they will make passwords easier to remember by
subverting your policies. I also use the incrementing-number trick at
work, so by forcing me to change my password they've gained exactly
nothing. Why bother?
-- 
Sam Couter         |  mailto:sam at couter.id.au
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C