On 07/24/2017 12:38 PM, Hideki Yamane wrote: > But it also makes administrator to remember it harder as its trade-off... > (and they maybe choose easy password as a result). It's a not good idea > to suggests to change root password periodically, IMO. It's not a best > practice.
I'd say it's one of two things: If it's easy, make sure to change it periodically. If it's hard enough to withstand brute-force, you don't need to. As I said: I'm totally with you that in a standard setup it'd great for that not to be necessary. Unfortunately the standard setup does not ship with the mitigating controls. Kind regards Philipp Kern
signature.asc
Description: OpenPGP digital signature
