Hello World
Michael Ströder
michael at stroeder.com
Sun Jan 18 08:30:59 EST 2015
Steven D'Aprano wrote:
> Mark Lawrence wrote:
>
>> Bah humbug, this has reminded me of doing secure work whereby each
>> individual had two passwords, both of which had to be changed every
>> thirty days, and rules were enforced so you couldn't just increment the
>> number at the end of a word or similar.
>
> I hate and despise systems that force you to arbitrarily change a good
> strong password after N days for no good reason.
>
> The utterly bad reason often given by people who don't understand
> probability is that if hackers try to guess your password by brute-force,
> changing the password regularly will make it harder for them. That's simply
> wrong, and is based on a misunderstanding of probability.

But there's a probability > 0 that one of the systems where an admin has to
use his/her password was hacked and that passwords get stolen there. It's
hard to find out in the case of skilled hackers.

=> have more than one account for different security areas and have password
aging in place.

Ciao, Michael.