[unisog] Password policies

Joseph Brennan brennan at columbia.edu
Wed Apr 19 17:11:50 GMT 2006


Requiring frequent changes only pushes people to writing the passwords
on sticky notes stuck to their monitors.  Is there any data to support
the idea that changing every 3 months is better than changing every
3 decades?  If a stolen password hasn't been used in a few days, will
it ever be used?



Jim Dillon <Jim.Dillon at cusys.edu> wrote:

> On the brighter side, the effectiveness of passwords in the face of
> spyware, rainbow tables, rootkits, keyboard loggers and the like is
> pitiful, and with only a slight growth in the percentage of infections of
> these sorts, the password as a stand-alone security construct will be
> dead.

Sad but true.



Joseph Brennan
Columbia University Information Technology


