12 Jun
2009
12 Jun
'09
2:52 p.m.
or cycling through a list of completely insecure passwords
if its 10, go through the same 10 over and over,
or 5 like you said, add a number to the end
any expiry policy will cause this.
if you use hardened passwords that are easy to type (but not remember)
those work the best, so far that I've found.
I even wrote a program to generate these (probably a number of them around).
they are not based on keyboard patterns
my latest one is designed around how people type
left hand, then right, then left, a certain number each,
they can type them, but never remember what they are.
Dan.
Date: Fri, 12 Jun 2009 13:39:31 -0700
Subject: Re: password expiration policy (was Re: UNIX V7)
From: slawmaster at gmail.com
To: cctalk at classiccmp.org
On Fri, Jun 12, 2009 at 1:26 PM, Eric Smith<eric at brouhaha.com> wrote:
_________________________________________________________________
Create a cool, new character for your Windows Live? Messenger.
http://go.microsoft.com/?linkid=9656621
Daniel Seagraves wrote:
I have a number of passwords I use, but some of the systems at my
school have both very restrictive password requirements and a short
password expiration; as a result, many students have taken to just
sticking a number on the end of their passwords and incrementing it by
one each change.
John
--
"I've tried programming Ruby on Rails, following TechCrunch in my RSS
reader, and drinking absinthe. It doesn't work. I'm going back to C,
Hunter S. Thompson, and cheap whiskey." -- Ted Dziuba
(In reality however, I am most likely giving up my password expiration
policy. The users are complaining to the owner about having to change their
password every 60 days, and the owner has told me if they continue to
complain the policy will be abolished
In my opinion, having a password expiration policy with such a short period
is counterproductive. It will cause the users to be more sloppy with their
passwords in various ways, including leaving the passwords written down in
places they can easily be found. It will also make users favor weaker, more
easily guessed passwords, even if the system sets minimum requirements;
users are more willing to memorize a stronger password if they're going to
use it for a fairly long time.
Eric