Paraphrasing: “I have made a massive mess of US foreign policy and the whole world is falling apart. Have you fixed it for me yet?” Right in the middle of the biggest Middle Eastern shitstorm ever created, April 7, 2003. Heck of a job, Rummie
The new password may have been used elsewhere, and attackers can exploit this too. The new password is also more likely to be written down, which represents another vulnerability. New passwords are also more likely to be forgotten, and this carries the productivity costs of users being locked out of their accounts, and service desks having to reset passwords. It’s one of those counter-intuitive security scenarios; the more often users are forced to change passwords, the greater the overall vulnerability to attack. What appeared to be a perfectly sensible, long-established piece of advice doesn’t, it turns out, stand up to a rigorous, whole-system analysis. CESG now recommend organisations do not force regular password expiry.
Links for 2016-04-19
permalink. Both comments and trackbacks are currently closed.. Bookmark the