Security Basics mailing list archives
Re: Password Management
From: Bill Cullen <billc () iinet net au>
Date: Sat, 22 Apr 2006 21:53:31 +0800
nightwatchman () comcast net said the following on 22/04/2006 2:13 AM:
> Passwords should:
>
> 1.) change every 90 days

I've seen some people recommend 60 days and others 180 days.

> 4.) not be written down.

I'm not sure I agree. There is nothing wrong with writing down a password, provided the piece of paper with the password is secured. In this day and age we often have multiple passwords. I doubt most people can remember all of them without writing some down.
Personally, I think we need to start looking at alternatives to passwords (or at least start using devices offering one time passwords such as the RSA SecurID - I just wish they weren't so expensive).