Bug#656509: closed by Cyril Brulebois <kibi@debian.org> (Re: Bug#656509: user-setup-udeb: Please consider amending password advice)

[Brian Potkin <claremont102@gmail.com>]

On Sun 02 Mar 2014 at 15:27:46 +0000, Debian Bug Tracking System wrote:

> > Quoting Brian Potkin (claremont102@gmail.com):
> > > d-i says:
> > > 
> > >    A good password will contain a mixture of letters, numbers and
> > >    punctuation and should be changed at regular intervals.
> > > 
> > > Complexity in a password is good and probably unarguable, although
> > > length should also be considered to have some importance, Why advise
> > > changing it at regular intervals? Why not advocate not imparting it to
> > > anyone or not reusing it on other systems? Is there something which
> > > causes a good password to degenerate over time?
> > > 
> > > The second part of the advice does not appear to have any technical
> > > basis so removing it would be of little consequence.
> 
> It takes a few seconds to find something like this in a search engine:
>   https://www.schneier.com/blog/archives/2010/11/changing_passwo.html

Thank you; I had read that debatable article before submitting the
report. The interesting paragraph begins

   So in general: you don't need to regularly change the password to your computer . . .

The arguments presented there and elsewhere have persuaded me to adopt
a policy of changing my login password as frequently as I change the
locks on the doors of my house and my car. :)

Thanks for all your work with d-i.

Regards,

Brian.