Bug#868869: debian-installer should not recommend to change password periodically (and more)
On Tue, Jul 25, 2017 at 11:22:19PM +0200, Philipp Kern wrote:
> On 07/24/2017 12:38 PM, Hideki Yamane wrote:
> > But it also makes it harder for the administrator to remember, as a trade-off...
> > (and they may choose an easy password as a result). It's not a good idea
> > to suggest changing the root password periodically, IMO. It's not a best
> > practice.
>
> I'd say it's one of two things: If it's easy, make sure to change it
> periodically. If it's hard enough to withstand brute-force, you don't
> need to.
The problem with regular-change policies is that they *encourage* easy
passwords, since if you want to remember something generated by "pwgen
-s 15" or some such, it will take you quite a while to do so, and by
that time it may be time to renew it again.
--
Could you people please use IRC like normal people?!?
-- Amaya Rodrigo Sastre, trying to quiet down the buzz in the DebConf 2008
Hacklab