Steven D'Aprano wrote:
> Mark Lawrence wrote:
>
>> Bah humbug, this has reminded me of doing secure work whereby each
>> individual had two passwords, both of which had to be changed every
>> thirty days, and rules were enforced so you couldn't just increment the
>> number at the end of a word or similar.
>
> I hate and despise systems that force you to arbitrarily change a good
> strong password after N days for no good reason.
>
> The utterly bad reason often given by people who don't understand
> probability is that if hackers try to guess your password by brute-force,
> changing the password regularly will make it harder for them. That's simply
> wrong, and is based on a misunderstanding of probability.

But there's a probability > 0 that one of the systems where an admin has to use his/her password was hacked and that passwords get stolen there. It's hard to find out in the case of skilled hackers.

=> have more than one account for different security areas and have password aging in place.

Ciao, Michael.