Changing Password Every x Days

by TrueJournals on Jun.13, 2009, under life, thoughts

This will be the second in my series of security topics from a non-security expert, I suppose.� I just calls ’em hows I sees ’em.

As you may or may not know, I will be attending Valparaiso University this Fall as a Freshman.� When I attended Valparaiso’s Freshman orientation program, they taught us a lot about their online systems.� One thing I learned was that I will need to change my password every 185 days, and when I change it, it can’t be similar to whatever I had last time.� The idea here is that this will be more secure, because hackers will never know your password for an extended period.� However, I see a problem with this.

Forcing me to change my password to something completely different means forcing me to memorize a new password, something completely different, too.� Now, personally, I don’t think this will be much of a problem, because I’m pretty good at memorizing things.� However, if you aren’t that good at memorizing, this could cause a big problem: the urge to write down your password.� As anyone could tell you, writing down a password immediately creates a security risk, because anyone could see it written on a piece of paper, or take the paper, etc.� The safest place for a password is in your brain, and in your brain only.

So, is forcing users to change their password really more secure?� For some people, I think it will help, but I think it’s a practice that could only hurt others.� A better idea would be to enforce good password practice: have users create a nice, good length, password, containing at least one letter, number, capital letter, and special character.� Want to go for more security?� Force it to start and end with a letter.� Don’t just let the user tack an exclaimation mark on an otherwise easy-to-guess password.

Overall, I don’t think there will ever be a formula for password security.� There is no one end-all be-all tip I can give for keeping your password away from hackers.� Perhaps forcing people to change their password every x days really does help security.� But, I’d like to see some concrete proof of this before I believe it.

:password, security, thoughts

1 Comment for this entry

mlmaloni@comcast.net
September 15th, 2009 on 11:57 pm
You are right in that changing passwords is a pain in the neck andif you think once every 185 days is a pain wiat until you enter the working world and its like multiple applications each with a password that must be cahnged every 30 days.

RSS feed for this post (comments) · TrackBack URI

Why, hello there!
What is this blog? It's simple, really: the life and times of a college nerd, majoring in Computer Engineering. Included topics: maemo, python, life, whatever I feel like.
Tags
apple best picture brainstorm c++ caller id comcast facebook flac gaming glade google googleplus google plus gym hacking Internet invitation invite itt javascript life linux maemo mcedit microsoft movies mp3 ogg oscars pe physics programming python school science security talk.maemo.org tearbookmarks tech technology thoughts twitter update website weightwatchers

Categories
- hardware
- life
- maemo
- programming
- python
- realbasic
- technology
- thoughts
- Uncategorized
- website

Meta

TrueJournals