On Dec 29, 2010, at 12:37 PM, tedd wrote:
> At 11:06 AM +0200 12/29/10, Dotan Cohen wrote:
>> Also, change them {passwords} frequently.
>
> I've always wondered about that -- if your password works, then why change it? Where's the logic in that?
>
> From my perspective, it looks like "Hey, the crackers have not been able to crack this, so let's give them another chance". That doesn't sound logical.
>
> There are things we "think" are right, but is this practice supported in some way that's provable?
>
> Cheers,
>
> tedd
>
> --
> -------
> http://sperling.com/
An attacker manages to obtain the hashes and starts an attack. You change your password. The attacker now has to restart the attack.
Changing your passwords prevents an attack from continuing past the length of time between password changes.
Also if they _have_ managed to crack the password changing it forces them to crack it again, thus also limiting the time the account is compromised.
Regards,
-Josh
____________________________________
Joshua Kehn | Josh.Kehn@xxxxxxxxx
http://joshuakehn.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
