Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!wuarchive!emory!athena.cs.uga.edu!mcovingt
From: mcovingt@athena.cs.uga.edu (Michael A. Covington)
Newsgroups: comp.org.eff.talk
Subject: Re: Passwords
Summary: How often _should_ they be changed?
Message-ID: <1991Jun14.192614.24540@athena.cs.uga.edu>
Date: 14 Jun 91 19:26:14 GMT
References: <14907.28501E2D@fidogate.FIDONET.ORG> <1991Jun11.221113.14213@athena.cs.uga.edu> <64654@bbn.BBN.COM>
Organization: University of Georgia, Athens
Lines: 14

You're quite right, password change intervals are problematic.

If passwords are required to be changed too often, it leads people
to choose excessively easy-to-guess passwords so they'll be easy to
remember.

My own practice is to use very obscure passwords, and change them
only when I have some suspicion that their secrecy has been compromised.

-- 
-------------------------------------------------------
Michael A. Covington | Artificial Intelligence Programs
The University of Georgia  |  Athens, GA 30602   U.S.A.
-------------------------------------------------------