Path: utzoo!attcan!uunet!husc6!rutgers!att!ttrdc!levy
From: levy@ttrdc.UUCP (Daniel R. Levy)
Newsgroups: comp.unix.questions
Subject: Re: Need help with password aging
Message-ID: <3275@ttrdc.UUCP>
Date: 18 Mar 89 05:08:53 GMT
References: <179@camdev.UUCP> <9059@alice.UUCP>
Distribution: na
Lines: 17

In article <9059@alice.UUCP>, ark@alice.UUCP (Andrew Koenig) writes:
< In article <179@camdev.UUCP>, sscott@camdev.UUCP (Steve Scott) writes:
< 
< > As a major security overhaul within my company, the issue of password aging
< > has raised its head.  So, I am in need of advice on how to implement such.
< 
< It is far from clear to me that password aging accomplishes much.
< Its usual effect is to cause people to toggle between two similar
< passwords.  I don't believe for an instant that such toggling
< will make passwords any harder to guess, break, or acquire.

Toggling can be defeated by storing all past passwords for each user.
-- 
Daniel R. Levy             UNIX(R) mail:  att!ttbcad!levy
AT&T Bell Laboratories
5555 West Touhy Avenue     Any opinions expressed in the message above are
Skokie, Illinois  60077    mine, and not necessarily AT&T's.