myth about regular password change busted

Here, finally, a piece by one of the leading experts in computer security, Gene Spafford, about where the "need" to regularly change your password came from, and why it won’t help much:

http://www.cerias.purdue.edu/site/blog/post/password-change-myths/

Two highlights:

"In summary, forcing periodic password changes given today’s resources is
unlikely to significantly reduce the overall threat"

and

"This is DESPITE the fact that any reasonable analysis shows that a
monthly password change has little or no end impact on improving
security!"
