
The Mythology of Periodical Password Resets


One of my favourite topics is security mythology - that’s where a security concept has become ‘common sense’ or a de facto standard without any real understanding of why this has occurred. This also tends to result in the implementation of these mythological concepts without any real thought. One of the best examples of this is the concept of resetting passwords on a monthly basis. It originates from mainframe days at the DoD when password cracking was an issue. These days it’s blindly implemented and followed by most organisations without any understanding of the implications. This excellent article summarises the issues around periodical password resetting.


