On 12/16/2011 12:45 PM, Patrick O'Callaghan wrote:
> On Fri, 2011-12-16 at 17:21 +1030, Tim wrote:
>> On Thu, 2011-12-15 at 13:08 +0000, Jake Shipton wrote:
>>> My next advice would be to do the following:
>>> 1) Regularly change your password, say every 3/6 months.
>>
>> Personally, I don't see the point in this. I think it's a fallacy.
>
> +1
> This is one of those corporate "Best Practices" which someone made up
> back in the mainframe era when dinosaurs roamed the Earth.

And passwords were limited to 8 characters. I remember the days well.

> It may have
> made a little sense then. I believe the argument was "You're going to
> make up some lame password anyway, so at least change it from time to
> time". It makes absolutely no sense now. Use a password generation tool
> or one of the many ways of getting a memorable but hard to guess
> passphrase.
>
> Unfortunately, a large part of the corporate Internet hasn't got the
> memo, so they keep forcing you to go through this nonsense. I just went
> through a security audit in which the external auditors insisted on it
> over our strenuous objections. I think we're going to replace passwords
> with a token-based authentication system, which is a damned sight more
> secure anyway.

Again, read: http://www.cryptosmith.com/password-sanity
Richard can supply your IT with some common sense. Or if they prefer
Schneier, I can probably contact him for a reference URL...
We just switched from the RSA hard tokens to the soft tokens. 'More'
secure. This is an interim step, as we are expecting to be eating our
own dog food sooner rather than later.
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org