michael at stroeder.com
Sun Jan 18 14:30:59 CET 2015
Steven D'Aprano wrote:
> Mark Lawrence wrote:
>> Bah humbug, this has reminded me of doing secure work whereby each
>> individual had two passwords, both of which had to be changed every
>> thirty days, and rules were enforced so you couldn't just increment the
>> number at the end of a word or similar.
> I hate and despise systems that force you to arbitrarily change a good
> strong password after N days for no good reason.
> The utterly bad reason often given by people who don't understand
> probability is that if hackers try to guess your password by brute-force,
> changing the password regularly will make it harder for them. That's simply
> wrong, and is based on a misunderstanding of probability.
But there's a probability > 0 that one of the systems where an admin has to
use his/her password was hacked and that passwords get stolen there. It's
hard to find out in case of skilled hackers.
=> have more than one account for different security areas and have password
aging in place.