Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.milw.wisc.edu!lll-winken!ames!killer!texbell!bellcore!faline!thumper!ulysses!andante!alice!ark
From: ark@alice.UUCP (Andrew Koenig)
Newsgroups: comp.unix.questions
Subject: Re: Need help with password aging
Message-ID: <9059@alice.UUCP>
Date: 16 Mar 89 21:58:37 GMT
References: <179@camdev.UUCP>
Distribution: na
Organization: AT&T Bell Laboratories, Liberty Corner NJ
Lines: 15

In article <179@camdev.UUCP>, sscott@camdev.UUCP (Steve Scott) writes:

> As a major security overhaul within my company, the issue of password aging
> has raised its head.  So, I am in need of advice on how to implement such.

It is far from clear to me that password aging accomplishes much.
Its usual effect is to cause people to toggle between two similar
passwords.  I don't believe for an instant that such toggling
will make passwords any harder to guess, break, or acquire.

On the other hand, it would be a real good idea to lock out any
logins that aren't used in some sensible time period, like a month.
-- 
				--Andrew Koenig
				  ark@europa.att.com