Path: utzoo!attcan!uunet!vsi!friedl
From: friedl@vsi.COM (Stephen J. Friedl)
Newsgroups: comp.unix.questions
Subject: Re: Need help with password aging
Message-ID: <1071@vsi.COM>
Date: 18 Mar 89 04:25:09 GMT
References: <179@camdev.UUCP> <9059@alice.UUCP>
Distribution: na
Organization: V-Systems, Inc. -- Santa Ana, CA
Lines: 23

In article <9059@alice.UUCP>, ark@alice.UUCP (Andrew Koenig) writes:
> It is far from clear to me that password aging accomplishes much.
> Its usual effect is to cause people to toggle between two similar
> passwords.  I don't believe for an instant that such toggling
> will make passwords any harder to guess, break, or acquire.

Password aging makes it *much* easier to guess passwords.  Not only
do people tend to toggle between a two passwords, they toggle between
two *bad* passwords because the timing is so terrible.

There you are, sitting at your terminal, thinking about getting
something done today.  You enter your current password and SLAP,
you can't do *anything* until you think of a password RIGHT NOW.

This rude awakening is not conducive to picking a good password.

     Steve

-- 
Stephen J. Friedl / V-Systems, Inc. / Santa Ana, CA / +1 714 545 6442 
3B2-kind-of-guy   / friedl@vsi.com  / {attmail, uunet, etc}!vsi!friedl

"I think, therefore I'm a yam." - me