Path: utzoo!attcan!uunet!lll-winken!ames!nrl-cmf!ukma!gatech!bloom-beacon!bu-cs!mirror!ima!minya!jc
From: jc@minya.UUCP (John Chambers)
Newsgroups: comp.unix.wizards
Subject: Re: [Lynn R Grant: Password Aging]
Message-ID: <6@minya.UUCP>
Date: 8 Jan 89 05:23:46 GMT
References: <17981@adm.BRL.MIL> <4506@xenna.Encore.COM>
Organization: (none)
Lines: 26

In article <4506@xenna.Encore.COM>, bzs@Encore.COM (Barry Shein) writes:
>
> Of course the obvious question is does anyone have any good cases of
> systems broken into where, if password aging had been in effect, the
> break-in would have been prevented? Reasoning appreciated.
>

Well, I don't know of any, but where I am currently working, there seems to be a case where password aging has decreased the general level of security.

Why? Well, there's a lot of networking going on, and many people find themselves with accounts on 10 or 15 or 50 machines, each of which has to have a password. Password aging has been installed on some of them, so periodically users find themselves being harassed by yet another system that wants them to change their password.

After a while, we all find that we have a whole lot of different passwords, and there's only one way that a mere human can possibly remember them: write them down on paper along with the hostnames. I have a list in the little pocket calendar that lives in my shirt pocket...

Nuf said?

--
John Chambers <{adelie,ima,maynard,mit-eddie}!minya!{jc,root}> (617/484-6393)
[Any errors in the above are due to failures in the logic of the keyboard, not in the fingers that did the typing.]