Yes, a longer password is much harder to break than a shorter one! The reason that you change password on a regular basis is to prevent a compromised password from being effective forever. -----Original Message----- From: John Andersen [mailto:jsa@pen.homeip.net] Sent: Monday, July 31, 2006 10:34 PM To: suse-security@suse.com Subject: Re: [suse-security] password memory On Monday 31 July 2006 16:42, suse@rio.vg wrote:
forcing people to keep changing passwords has one single effect: People will write them down.
I was hoping someone would point that out. One longer (unchanging) password (more than ten characters) is harder to guess than a monthly changing short one, which EVERY user changes via an easily discernable pattern. http://www.rsasecurity.com/press_release.asp?doc_id=6095 http://www.cerias.purdue.edu/weblogs/spaf/general/post-30/ http://it.slashdot.org/article.pl?sid=05/09/27/1935210&from=rss -- _____________________________________ John Andersen