Re: minimum number of days between password change

To: debian-user@lists.debian.org
Subject: Re: minimum number of days between password change
From: "Jesús M. Navarro" <jesus.navarro@undominio.net>
Date: Mon, 1 Nov 2010 23:45:38 +0200
Message-id: <[🔎] 201011012245.38353.jesus.navarro@undominio.net>
In-reply-to: <[🔎] 4CCEFD8D.9050200@cox.net>
References: <[🔎] 4CCEEABA.3090404@seznam.cz> <[🔎] 4CCEFD8D.9050200@cox.net>

Hi, Ron:

On Monday 01 November 2010 18:49:01 Ron Johnson wrote:
[...]
> If someone learns my password on day 2, they have full access to my
> account for 74 days, or I must beg for SysAdmin help?
>
> "Minimum number of days" isn't a very bright idea.

It is, for a low minimum number.

The rationale is to avoid the user reusing passwords: Ok, so my password is 
12345678 and I must change it now?  Let's do it: 87654321; but immediately I 
change back again.

So if the minimum change time is about a week, it takes about the same effort 
to learn the new password than to change it back.

Cheers.

Reply to:

Follow-Ups:
- Re: minimum number of days between password change
  - From: Ron Johnson <ron.l.johnson@cox.net>

References:
- minimum number of days between password change
  - From: Lukas Baxa <baxic-cs@seznam.cz>
- Re: minimum number of days between password change
  - From: Ron Johnson <ron.l.johnson@cox.net>

Prev by Date: Re: scripting question: to parse data with varname=value pattern the easiest way?
Next by Date: Re: minimum number of days between password change
Previous by thread: Re: minimum number of days between password change
Next by thread: Re: minimum number of days between password change
Index(es):
- Date
- Thread