“Changing Passwords” [#FF00AA]

11 nov. 2010

Interesting article, as always, but particularly that point (emphasis mine):

If a hacker gets your password either by guessing or stealing it, he can access your network as long as your password is valid. If you have to update your password every quarter, that significantly limits the utility of that password to the attacker.

At least, that’s the traditional theory. It assumes a passive attacker, one who will eavesdrop over time without alerting you that he’s there. In many cases today, though, that assumption no longer holds.

I’d never thought of that: password expiration is counter-productive now, but it did use to make some sense, when computer crime was different from what it is now. (And there’s a case to be made that it should still be relevant, then, in companies for which corporate espionage is a serious risk. Wonder if Apple expires its staff’s passwords?)

2010/11/11 - 16:04

Vous voulez savoir quand je poste du contenu sur mon blog ? Il suffit de vous inscrire gratuitement à un agrégateur RSS (Feedly, NewsBlur, Inoreader, …) et d'ajouter www.ff00aa.com à vos flux (ou www.garoo.net pour vous abonner à tous les sujets). On n'a pas besoin de newsletters, pas besoin de Twitter, le RSS existe toujours.

Mentions légales : ce blog est hébergé par OVH, 2 rue Kellermann, 59100 Roubaix, France, www.ovhcloud.com.

Les données des visiteurs de ce blog ne sont pas utilisées ni transmises à des tiers. Les posteurs de commentaires peuvent demander leur suppression par e-mail.