Screensaver takes too much time to fade-out...

Robert Moskowitz rgm at htt-consult.com
Fri Dec 16 13:02:03 UTC 2011



On 12/16/2011 01:51 AM, Tim wrote:
> On Thu, 2011-12-15 at 13:08 +0000, Jake Shipton wrote:
>> My next advice would be to do the following:
>>
>> 1) Regularly change your password, say every 3/6 months.
> Personally, I don't see the point in this.  I think it's a fallacy.

I totally agree with you.  But after a couple years, I DO switch 
passwords.  They tend to creep and I can't be sure that someone other 
than my wife knows it.

Unless there is a big bug reported, what is the attack vector for M. 
Hacker?  SSH?  Watch your logwatch.  Email attachments or web 
downloads?  Scan them first.

Choose a password with an entropy of ~40 bits and you will be good unless 
you are a target of interest to somebody.

>
> If they haven't guessed/cracked your password, there's no point in
> changing it.  They haven't got in, and it's no easier or harder to guess
> the current one from a new one.  Unlike in the movies, crackers don't
> get clues to when they're getting close to guessing your password, it's
> just pass or fail.  The probability that their next guess might be right
> for your old password is just as improbable that their next guess might
> be your new password.  And it's probably just as likely that if you
> changed your password, you might change it to one that they were just
> about to guess.  i.e. *Guessing* **any** password, correctly, is highly
> improbable.
>
> If they have got your password, any clueful hacker will have put
> something in so they're not obstructed by you changing the password
> (backdoors, trojans, rootkits, et cetera).  And if you hadn't detected
> them breaking in before, you're not going to notice it the next time.
>
> And it's hard enough to remember passwords, especially several of them,
> without having to remember changing ones.
>

