[unisog] Password policies
brennan at columbia.edu
Wed Apr 19 17:11:50 GMT 2006
Requiring frequent changes only pushes people to writing the passwords
on sticky notes stuck to their monitors. Is there any data to support
the idea that changing every 3 months is better than changing every
3 decades? If a stolen password hasn't been used in a few days, will
it ever be used?
Jim Dillon <Jim.Dillon at cusys.edu> wrote:
> On the brighter side, the effectiveness of passwords in the face of
> spyware, rainbow tables, rootkits, keyboard loggers and the like is
> pitiful, and with only a slight growth in the percentage of infections of
> these sorts, the password as a stand-alone security construct will be
Sad but true.
Columbia University Information Technology
More information about the unisog