Security Basics mailing list archives
RE: passwords
From: "Robert Sieber" <securityfocus () different-thinking de>
Date: Tue, 18 Feb 2003 18:58:55 +0100
It doesn't make sense because 90 days is too long. A password should be changed at least after 30 days - if they are strong enough. A cracker has 90 days to find out the correspondig password ..... Robert
-----Original Message----- From: ullmic6 () web de [mailto:ullmic6 () web de] Sent: Monday, February 17, 2003 8:02 PM To: security-basics () securityfocus com Subject: passwords Hello all, one of the favorite subjects in my company seems to be the strength of passwords. We force our users to change their mail password every 90 days. Does this make sense? Why? -- ullmic
Current thread:
- passwords ullmic6 (Feb 18)
- RE: passwords Robert Sieber (Feb 19)
- RE: passwords Jeff Harris (Feb 20)
- Re: passwords simsjs (Feb 19)
- Re: passwords multics (Feb 19)
- Re: passwords jl (Feb 20)
- Re: passwords Ross Nelson (Feb 19)
- RE: passwords Tim V - DZ (Feb 19)
- <Possible follow-ups>
- Re: passwords eer7y3n0h (Feb 19)
- Re: passwords Chris Berry (Feb 19)
- RE: passwords Robinson, Sonja (Feb 19)
- RE: passwords Vince Dang (Feb 20)
(Thread continues...)
- RE: passwords Robert Sieber (Feb 19)