
#FF00AA


11 Nov. 2010

“Changing Passwords”

Interesting article, as always, but particularly that point (emphasis mine):

If a hacker gets your password either by guessing or stealing it, he can access your network as long as your password is valid. If you have to update your password every quarter, that significantly limits the utility of that password to the attacker.

At least, that’s the traditional theory. It assumes a passive attacker, one who will eavesdrop over time without alerting you that he’s there. In many cases today, though, that assumption no longer holds.

I’d never thought of that: password expiration is counter-productive now, but it did use to make some sense, when computer crime was different from what it is now. (And there’s a case to be made that it should still be relevant, then, in companies for which corporate espionage is a serious risk. Wonder if Apple expires its staff’s passwords?)
