On 12/16/2011 01:51 AM, Tim wrote:
> On Thu, 2011-12-15 at 13:08 +0000, Jake Shipton wrote:
>> My next advice would be to do the following:
>> 1) Regularly change your password, say every 3/6 months.
>
> Personally, I don't see the point in this. I think it's a fallacy.

I totally agree with you. But after a couple years, I DO switch
passwords. They tend to creep and I can't be sure that someone other
than my wife knows it.

Unless there is a big bug reported, what is the attack vector for M.
Hacker? SSH? Watch your logwatch. Email attachments or web
downloads? Scan them first.

Choose a password with an entropy of ~40 bits and you will be good unless
you are a target of interest to somebody.

> If they haven't guessed/cracked your password, there's no point in
> changing it. They haven't got in, and it's no easier or harder to guess
> the current one from a new one. Unlike in the movies, crackers don't
> get clues to when they're getting close to guessing your password; it's
> just pass or fail. The probability that their next guess might be right
> for your old password is just as improbable that their next guess might
> be your new password. And it's probably just as likely that if you
> changed your password, you might change it to one that they were just
> about to guess. i.e. *Guessing* **any** password, correctly, is highly
> improbable.
>
> If they have got your password, any clueful hacker will have put
> something in so they're not obstructed by you changing the password
> (backdoors, trojans, rootkits, et cetera). And if you hadn't detected
> them breaking in before, you're not going to notice it the next time.
>
> And it's hard enough to remember passwords, especially several of them,
> without having to remember changing ones.