On Tue, Aug 01, 2006 at 11:15:09AM -0400, suse@rio.vg wrote:
> Badger, Shawn wrote:
>> The reason that you change password on a regular basis is to prevent a compromised password from being effective forever.
>
> But is that really worthwhile? As soon as a password is compromised, the damage is done. I find the idea that an attacker is going to get a password, then wait weeks or months to use it rather odd. They're more likely to use it right away.

For an external "techy" attacker that may be true. But changing passwords regularly may help against snooping co-workers that saw you typing a password while looking over your shoulder.

Is it worthwhile? For me it's no burden to change my password from time to time. I have no problem with remembering R%anc!BhouseaL after typing it a few times. For others that don't have to remember dozens of passwords anyway it may be harder and they may write their password down and defeat your whole password policy.

marc