Jesse Keating wrote:
On Wed, 2009-04-22 at 14:31 +1000, Rodd Clarkson wrote:
Ah, I'm a little confused.
All that was requested was a change of password. This doesn't stop Joe
Public from signing up and accessing bugzilla, and presumably doesn't
stop Joe from viewing leaky NDA's.
All it seems to do is make me have to change a password.
Surely if there are leaks using the old password, then there's still
leaks with my new password (which is actually my old password since I
went back in and changed it back).
There is a theory that changing passwords on a regular bases lessens the
risk of somebody's password being stolen and used nefariously.
There are studies, which state to counterprove such statements (Sorry,
nor reference at hand).
They claim the key to password security is to use strong passwords,
while frequently changing passwords only cause users to reuse the same
or variations of the weak passwords they already used elsewhere.
Ralf
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
