1 Aug
2006
1 Aug
'06
15:15
Badger, Shawn wrote:
The reason that you change password on a regular basis is to prevent a compromised password from being effective forever.
But is that really worthwhile? As soon as a password is compromised, the damage is done. I find the idea that an attacker is going to get a password, then wait weeks or months to use it rather odd. They're more likely to use it right away. Weigh the unlikely lackadaisical attacker with the rather hefty problem of people writing their passwords on post-it notes where anyone can see them...