On 09.04.2014 22:06, Robert Schetterer wrote:
> On 09.04.2014 19:54, Reindl Harald wrote:
>> I have faced users in real life who were punished by changing their passwords each month, and the result was that not a single one of them was secure or not stored somewhere, while the same person would have chosen something like below otherwise
> yes, it's common and old security practice to force password changes at some terms in many software products; it looks like many coders agreed that this is a good idea, but for sure they did not have your universal jedi power
that's polemic
it is not a matter of "jedi power", it's a matter of how likely it is that your password may get stolen and how many really secure passwords a human can keep in his mind, compared with changing them again and again, forcing him to store the password in a place where it is more likely to get compromised

if the password I am using for critical infrastructure leaves my hands it would be a nightmare - a braindump is unlikely, getting whatever store contains it compromised is more likely

the same for the class of not-that-critical passwords, generated with random algorithms and because of that stored in password safes which *may* be compromised, but better than "shitpwd-year-month-123"

so stop this polemic, there is no absolute right solution in case of credentials, and before a user chooses "fuckingadmin123" I prefer passwords like "!Y*c*k*m*b*S!*"
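The two arguments in this exchange (forced rotation breeds predictable "base-year-month-counter" passwords; a CSPRNG-generated password kept in a safe has far more entropy) can be made concrete. The following is an added example, not code posted by either participant or shipped by any of the software discussed; the function names (generate_password, random_entropy_bits, is_trivial_rotation, rejected_by_history) and the sample passwords are constructed for illustration. It generates a random password with Python's `secrets` module, computes the entropy of a uniformly random password, and detects when a "new" password is just the old one with a rotated numeric suffix, which is the failure mode described above.

```python
import math
import re
import secrets
import string

# 52 letters + 10 digits + 32 punctuation characters = 94 symbols
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Trailing digits plus any separators/digits after them, e.g. "-2014-04-123".
# Digits are \w, so [\W_] never eats them; only the leading separator run is stripped.
_ROTATION_SUFFIX = re.compile(r"[\W_]*\d+[\W_\d]*$")


def generate_password(length: int = 16, alphabet: str = ALPHABET) -> str:
    """Generate a password with a CSPRNG (secrets), never the random module."""
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a uniformly random password over an alphabet."""
    return length * math.log2(alphabet_size)


def strip_rotation_suffix(password: str) -> str:
    """Lower-case the password and drop a trailing year/month/counter block,
    so 'Base-2014-03-122' and 'base-2014-04-123' both reduce to 'base'."""
    return _ROTATION_SUFFIX.sub("", password).lower()


def is_trivial_rotation(old: str, new: str) -> bool:
    """True when the new password is the old one (case-insensitively) or
    differs from it only by a rotated numeric suffix."""
    if old.lower() == new.lower():
        return True
    old_base, new_base = strip_rotation_suffix(old), strip_rotation_suffix(new)
    if not old_base or not new_base:
        # All-digit passwords strip to nothing; fall back to exact comparison
        # rather than declaring every numeric password a rotation of every other.
        return False
    return old_base == new_base


def rejected_by_history(history: list[str], candidate: str) -> bool:
    """Reject a candidate that is a trivial rotation of any previous password.
    This is the check a rotation policy would need to be worth anything."""
    return any(is_trivial_rotation(previous, candidate) for previous in history)


if __name__ == "__main__":
    # Constructed sample values for a quick run; not real credentials.
    pw = generate_password(14)
    print("generated:", pw, "bits:", round(random_entropy_bits(14, len(ALPHABET)), 1))
    print("rotation detected:",
          is_trivial_rotation("shitpwd-2014-03-122", "shitpwd-2014-04-123"))
```

The entropy figure is only meaningful for the generated password: a 14-character password from a 94-symbol alphabet is worth about 92 bits, whereas the rotation scheme reduces to "the base word plus a few thousand suffixes" once a single old password leaks, which is what `is_trivial_rotation` flags.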