Todd Walton wrote:
What security could there be in requiring passwords to be at least a
day old before you can change them?
None. And forcing users to rotate passwords actually *reduces* security.
I have a limited memory. If you force me off of one of my secure
passwords, you're going to get "Dork123", "Dork124", "Dork125", etc.
If you need protection against breakins that badly, you should be using
a token-based system anyway--no password system is going to work.
-a
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
