Michael O'Keefe wrote:
>
> I've never understood password aging.
> If your system is so fragile that it cannot withstand users keeping
> their passwords indefinitely, I'd be looking at the system's fragility,
> not password rotation.

It is not about system fragility; it has to do with people re-using passwords. Most people will pick one, maybe two, passwords and use them everywhere. For their work systems, for their home systems, for Gmail, for web forums, eBay, Amazon, *everything*. It takes one slip-up for that password to become exposed.

It has nothing to do with the security of the system, but the fragility of the users. Your only defense is to ensure that an exposed password has only a limited window of opportunity. This is done by making users reset their passwords every so often.

-john
