Re: Unknown rootkit causes compromised servers




David Thompson wrote:
> "Michael A. Peters" wrote:
>> I have never understood this.  If I have a good, strong password that nobody
>> knows, how is changing it to another one an improvement over what I already
>> have?
>
> I agree with you.
>
> For user accounts, changing one strong password for another gains you nothing, and may cause people to start writing things down, or choosing trivial passwords which still meet the password strength criteria, or whatever, actually weakening security.
>
> However, if you have admins who come into or leave employment, changing privileged account passwords (read: root or equiv) is a necessary activity.


I disagree with this too; changing one strong password for another gains you plenty if someone has compromised the initial one.

The purpose of changing strong passwords is so that if someone has been fortunate enough to use some kind of method to get a password, they lose access again after the new password change and have to start over at the beginning to get back in.

This gains you plenty if someone who is unauthorized loses access.

If you are dealing with regular users, Bill will give Ted a password for one item when Bill goes on vacation since it is much easier than getting the IT weenies to change the access that Ted has ... besides he only needs to log in one time while Bill is on vacation. However, if Bill never has to change his password then Ted has Bill's access forever.

Then of course there is the brute force guessing, etc.

Changing passwords at regular intervals is more secure than keeping the same passwords.
