Screensaver takes too much time to fade-out...

Jake Shipton jakems at fedoraproject.org
Fri Dec 16 14:39:45 UTC 2011


On 16/12/11 13:02, Robert Moskowitz wrote:
> 
> 
> On 12/16/2011 01:51 AM, Tim wrote:
>> On Thu, 2011-12-15 at 13:08 +0000, Jake Shipton wrote:
>>> My next advice would be to do the following:
>>>
>>> 1) Regularly change your password, say every 3/6 months.
>> Personally, I don't see the point in this.  I think it's a fallacy.
> 
> I totally agree with you.  But after a couple years, I DO switch
> passwords.  They tend to creep and I can't be sure that someone other
> than my wife knows it.
> 
> Unless there is a big bug reported, what is the attack vector for M.
> Hacker?  SSH?  Watch your logwatch.  Email attachments or web
> downloads?  Scan them first.
> 
> Choose a password with an entropy of ~40 bits and you will be good unless
> you are a target of interest to somebody.
> 
>>
>> If they haven't guessed/cracked your password, there's no point in
>> changing it.  They haven't got in, and it's no easier or harder to guess
>> the current one from a new one.  Unlike in the movies, crackers don't
>> get clues to when they're getting close to guessing your password, it's
>> just pass or fail.  The probability that their next guess might be right
>> for your old password is just as improbable that their next guess might
>> be your new password.  And it's probably just as likely that if you
>> changed your password, you might change it to one that they were just
>> about to guess.  i.e. *Guessing* **any** password, correctly, is highly
>> improbable.
>>
>> If they have got your password, any clueful hacker will have put
>> something in so they're not obstructed by you changing the password
>> (backdoors, trojans, rootkits, et cetera).  And if you hadn't detected
>> them breaking in before, you're not going to notice it the next time.
>>
>> And it's hard enough to remember passwords, especially several of them,
>> without having to remember changing ones.
>>
Okay, so I was wrong about the password thing :-).

Although personally I'll still switch my passwords once a year like I
always have done :-). Old habits die hard.

Though my system is logged like a server should be, even though it's
just a plain and simple desktop on Ethernet behind a router & firewall
not moving anywhere... but I do like to know what my system does. I
probably would detect a break-in attempt before they got in :-)


-- 
Jake

