Path: utzoo!attcan!uunet!husc6!bu-cs!encore!bzs
From: bzs@Encore.COM (Barry Shein)
Newsgroups: comp.unix.wizards
Subject: Re: [Lynn R Grant:  Password Aging]
Message-ID: <4506@xenna.Encore.COM>
Date: 28 Dec 88 16:40:00 GMT
References: <17981@adm.BRL.MIL>
Organization: Encore Computer Corp, Marlboro, MA
Lines: 13
In-reply-to: mchinni@ardec.arpa's message of 28 Dec 88 14:00:16 GMT
Posting-Front-End: GNU Emacs 18.41.15 of Tue Jun  9 1987 on xenna (berkeley-unix)


Of course the obvious question is does anyone have any good cases of
systems broken into where, if password aging had been in effect, the
break-in would have been prevented? Reasoning appreciated.

Other than cases like knowing full well a disgruntled employee has
left (password aging assumes you don't know that something is under
attack or has been compromised, I'm talking about automatic update,
not any situation where if you had used your common sense and changed
a password you would have avoided a problem because the password ager
might not have kicked in yet in those cases either.)

	-Barry Shein, ||Encore||