On Fri, 2011-12-16 at 17:21 +1030, Tim wrote: > On Thu, 2011-12-15 at 13:08 +0000, Jake Shipton wrote: > > My next advise would be to do the following: > > > > 1) Regularly change your password, say every 3/6 months. > > Personally, I don't see the point in this. I think it's a fallacy. +1 This is one of those corporate "Best Practices" which someone made up back in the mainframe era when dinosaurs roamed the Earth. It may have made a little sense then. I believe the argument was "You're going to make up some lame password anyway, so at least change it from time to time". It makes absolutely no sense now. Use a password generation tool or one of the many ways of getting a memorable but hard to guess passphrase. Unfortunately, a large part of the corporate Internet hasn't got the memo, so they keep forcing you to go through this nonsense. I just went through a security audit in which the external auditors insisted on it over our strenuous objections. I think we're going to replace passwords with a token-based authentication system, which is a damned sight more secure anyway. poc -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
