Dear Linkedin,

Hal Murray hmurray at megapathdsl.net
Fri Jun 8 22:33:29 UTC 2012


>> I have accounts at probably 100's of sites. Am I to understand
>> that I am supposed to remember each one of them and dutifully
>> update them every month or two?

> Yes; of course if most of those accounts are moribund and unused then you
> don't need to change them so often, but the passwords you use frequently
> should be changed at regular intervals.

> It's pretty commonsensical once the threat is understood. 

Does anybody have a good URL explaining that idea?  It's been kicking around 
for many years.  I've never seen a convincing writeup.

Does your bank request/require that you change the PIN on your ATM card every 
few months?

Security is a tradeoff.  I think there are two cases for passwords.  I'll 
call them important and junk.  I'm willing to store the junk ones in a file 
or piece of paper that I'm careful with.  I have to memorize the important 
ones.

I'm only smart enough to memorize a few good passwords.  If I change them 
every few months, they will be less good, or fewer of them.


-- 
These are my opinions.  I hate spam.

More information about the NANOG mailing list