On Sun, 02 Dec 2007 08:45:10 +0900 John Summerfield <debian@xxxxxxxxxxxxxxxxxxxxxx> wrote: > To defeat the "change your password" myth, google '"best practice" > password security.' There's a paper I've turned up a couple of times, > most recently in the past week, where a professor argues changing > passwords regularly might have been a good idea 40 years ago, but not > now. His argument seems good to me, and I've not changed my preferred > password in over five years (and I've not disclosed it to anyone). Hey! I know its a myth, but it is dear to the hearts of the morons running the Sarbanes-Oxley audits at work, so changing passwords it is. Of course, as expected, they only care about the passwords in the Windows domain. No one has changed their linux password in years :-)..
