[Cryptography] Possible reason why password usage rules are such a mess

Radia Perlman radiaperlman at gmail.com
Thu Mar 5 14:36:02 EST 2020


On Wed, Mar 4, 2020 at 9:58 AM Peter Gutmann <pgut001 at cs.auckland.ac.nz>
wrote:

> There has been some speculation in the past over why we have so many cargo-
> cult password security rules that make no sense in any modern context, the
> prime example being the need to change passwords periodically.
>

I've never heard a good technical explanation for requiring periodic
password changes, but wouldn't all the arguments about why it's silly to
require frequent password changes apply to requiring certificate renewals?
(and while we're at it, though I don't want to distract from the "why must
certificates be periodically renewed" question...why does my driver's
license, which proves who I am, not work for getting on an airplane if the
license is expired...I can understand if they won't let me fly the plane
with an expired driver's license, but I'm just planning on being a
passenger.)

Radia