nanog mailing list archives

Re: Dear Linkedin,

From: "John Levine" <johnl () iecc com>
Date: 8 Jun 2012 21:59:20 -0000

Yes; of course if most of those accounts are moribund and unused then you don't need
to change them so often, but the passwords you use frequently should be changed at
regular intervals.

It's pretty commonsensical once the threat is understood.


Given that most compromised passwords these days are stolen by malware
or phishing, I'm not understanding the threat, unless you're planning
to change passwords more frequently than the interval between malware
stealing your password and the bad guys using it.

I agree that keeping a big file of unsalted hashes is a dumb idea, but
there isn't much that users can do about services so inept as to do
that.

R's,
John

Current thread:

Re: Password safes &c. (was: Dear Linkedin,), (continued)
- - - Re: Password safes &c. (was: Dear Linkedin,) Jay Ashworth (Jun 09)
    - Re: Password safes &c. Paul Graydon (Jun 08)
    - Re: Password safes &c. (was: Dear Linkedin,) JoeSox (Jun 08)
    - Re: Dear Linkedin, Alec Muffett (Jun 08)
    - Re: Dear Linkedin, Lyndon Nerenberg (Jun 08)
    - Re: Dear Linkedin, Michael Thomas (Jun 08)
    - Password Safes Lyndon Nerenberg (Jun 08)
    - Re: Password Safes Michael Thomas (Jun 08)
    - Re: Password Safes JC Dill (Jun 10)
- Re: Dear Linkedin, Alec Muffett (Jun 08)
  - Re: Dear Linkedin, John Levine (Jun 08)
    - Re: Dear Linkedin, Alec Muffett (Jun 08)
- Re: Dear Linkedin, Joe Maimon (Jun 08)
- Re: Dear Linkedin, John Adams (Jun 08)
- Re: Dear Linkedin, Simon Perreault (Jun 08)
  - Re: Dear Linkedin, valdis . kletnieks (Jun 08)
- Re: Dear Linkedin, Jay Ashworth (Jun 08)
- Re: Dear Linkedin, [and proposed mitigation approach] Rich Kulawiec (Jun 08)
- Re: Dear Linkedin, Ted Cooper (Jun 08)
  - Re: Dear Linkedin, Michael Thomas (Jun 08)
- Re: Dear Linkedin, Terje Bless (Jun 09)

(Thread continues...)