Path: utzoo!utgpu!news-server.csri.toronto.edu!bonnie.concordia.ca!ccu.umanitoba.ca!herald.usask.ca!alberta!ubc-cs!uw-beaver!cornell!batcomputer!caen!zaphod.mps.ohio-state.edu!mips!pacbell.com!att!cbnewsh!wcs
From: wcs@cbnewsh.cb.att.com (Bill Stewart 908-949-0705 erebus.att.com!wcs)
Newsgroups: comp.org.eff.talk
Subject: Re: Passwords
Message-ID: <1991Jun28.152551.10368@cbnewsh.cb.att.com>
Date: 28 Jun 91 15:25:51 GMT
References: <14907.28501E2D@fidogate.FIDONET.ORG> <1991Jun11.221113.14213@athena.cs.uga.edu> <64654@bbn.BBN.COM>
Organization: Your typical phone company involved in your typical daydream
Lines: 16

In article <64654@bbn.BBN.COM> cosell@bbn.com (Bernie Cosell) writes:
] } The main reason for changing passwords is that eventually, your password
] } may fall into the wrong hands without your knowing it.
] Yeah, but this is really muddle-headed reasoning, and in fact even the
] rainbow book on password maintenance is annoyingly non-logical about it.
] ... Unlike other security matters [e.g., length of the password, or
] disallowing words from /usr/dict/words and such], there is apparently
] no way, and no need, to justify the interval chosen...  would changing

Perhaps the standard 3 months is the expected time until the average
Joe Army user loses the yellow-sticky that he wrote the password on?
-- 
				Pray for peace;		  Bill
# Bill Stewart 908-949-0705 erebus.att.com!wcs AT&T Bell Labs 4M-312 Holmdel NJ
# No, that's covered by the Drug Exception to the Fourth Amendment.
# You can read it here in the fine print.