Password Renewal

[sal_park]

But its the need to keep changing passwords that forces people to make a note of them, a self defeating measure!!!!!!!

Couldn't agree more, and to be clear it annoys the ** out of me too

If they just stayed the same they could be remembered easily.

...and would make it much easier for someone to try and guess it over a longer period of time and make all those passwords written down from years ago still relevant....


It's a little bit chicken and egg, and I'm not sure passwords can provide a good long term answer.

 

[flecc]

I'm not sure passwords can provide a good long term answer.

I'm sure they aren't, but much of the problem is that of excessive use making us create so many. If I go online to buy something from a retailer they often demand a password and/or registration. Why is that, my credit card tells them who I am and my delivery address gives further info. Conversely I can walk into retail stores and buy anything, pay cash and they have no idea of my identity. Does civilisation then collapse?

In many cases no security is necessary, if only because it doesn't work anyway. We have password entry here in Pedelecs, but that hasn't stopped the site suffering some very unpleasant and disruptive attacks on various past occasions. The problem with security is that its presence can provoke attack, its existence prompting some to challenge. It's like the proverbial red rag and bull situation, walk past a bull and the odds are it will ignore you. Flap an irritating red cape in front of it and it will be provoked.

 

[50 Hertz]

I know it's a pain but..


*THIS* (writing down passwords on a piece of paper) is the main reason I'm aware of that drives the change your password every xx days system behavior !


Someone reads the jotter on your desk and can login into all your systems ? Depending on what they have got access to it could be 'pretty bad' (tm).


As an aside, I have the same hassle here at work with many different system wanting there passwords reset all the time. What I do is when I need to change the password for any system, I change it on all systems to the same password. Not ideal, but better that writing it down I think


hth

sp

I can't see the point in making system users have multiple passwords all of which expire. It's self defeating because it becomes impossible to remember them all, hence it encourages users to write them down which compromises security. It is much better to encourage people to use strong passwords and to commit them to memory.

My personal passwords for important things like banking are a series of random upper and lower case letters, numbers and symbols. Each password is 15 characters long and I commit these to memory. For web sites like this, I just use a word. This regime has never let me down and I feel that my personal website security is much better than that of the company I work for.