- My Forums
- Tiger Rant
- LSU Recruiting
- SEC Rant
- Saints Talk
- Pelicans Talk
- More Sports Board
- Fantasy Sports
- Golf Board
- Soccer Board
- O-T Lounge
- Tech Board
- Home/Garden Board
- Outdoor Board
- Health/Fitness Board
- Movie/TV Board
- Book Board
- Music Board
- Political Talk
- Money Talk
- Fark Board
- Gaming Board
- Travel Board
- Food/Drink Board
- Ticket Exchange
- TD Help Board
Customize My Forums- View All Forums
- Show Left Links
- Topic Sort Options
- Trending Topics
- Recent Topics
- Active Topics
Started By
Message
re: Required password changes
Posted on 5/21/20 at 3:53 pm to TH03
Posted on 5/21/20 at 3:53 pm to TH03
quote:
Constantly changing passwords always means people choose ones that are easy to remember. It always turns out to be much less secure than just keeping the same one or changing much less frequently.
Which is why NIST has already changed their guidelines concerning frequency of password changes.
A long passphrase that is changed infrequently is much more secure than a shorter, complex one that's changed frequently...for just the reasons you stated.
Posted on 5/21/20 at 3:54 pm to Centinel
I was literally just copying that part of the article.
I think you and I have discussed this before too.
I think you and I have discussed this before too.
quote:
Should organizations mandate regular password changes? The National Institute of Standards and Technology (NIST) explained in a 2009 publication on enterprise password management that while password expiration mechanisms are “beneficial for reducing the impact of some password compromises,” they are “ineffective for others” and “often a source of frustration to users.” They went on to encourage organizations to balance security and usability needs, outlining some factors to consider. NIST emphasized that other aspects of password policies may have greater benefits than mandatory expiration, including requirements for password length and complexity, as well as use of slow hash functions with well-chosen “salt” (a technique to make sure that if two users have the same password they won’t look the same when hashed).
Popular
Back to top
Follow TigerDroppings for LSU Football News