How Often Should You Change Your Password?
jhigh writes "Bruce Schneier asks the question, how often should you change your password? 'The primary reason to give an authentication credential — not just a password, but any authentication credential — an expiration date is to limit the amount of time a lost, stolen, or forged credential can be used by someone else. If a membership card expires after a year, then if someone steals that card he can at most get a year's worth of benefit out of it. After that, it's useless.' Another reason could be to limit the amount of time an attacker has to crack the password, but Bruce's analysis seems on target."
What's the point? (Score:1, Informative)
Re:Case to case (Score:2, Informative)
Bruce makes that same point in the full article, it just wasn't mentioned in the summary. ...yeah yeah, nobody RTFAs :(
Re:What's the point? (Score:4, Informative)
The browser can be hacked; most of them have been at one time or another. Any data stored in the browser can potentially be retrieved by a third party. Personally, I consider memorizing a few passwords and their variants to be effort well-invested,
That's one way it can happen.
Re:What's the point? (Score:4, Informative)
If my goal is to use your GMail account for spam then yes, I will change the password. If my goal is to monitor your emails I most certainly will not change the password, and will just log in every day to read your correspondence.
That's an excellent point. Unfortunately, even a regular change-of-password routine means that the malicious party gets a month, or three months, or six months, or what-have-you length of time following your account.
This is why I am annoyed that so few systems implement the simple precaution of displaying the last date, time, and location from which I (putatively) logged in. At negligible cost, that information would allow me to detect a compromised account at next login, rather than remaining unknowingly insecure until my next password change.
Gmail displays this information in the footer of the page. However, you must be aware of this, and you have to know what it means, what your IP-address is, etc. I know this info exists, but I almost never look at it to be honest.
Re:Those key fob things should be universal (Score:1, Informative)
Passwords are so 1990. I realize that it requires a little extra work, but those RSA-type key fobs that have the little LCD that displays a new "passcode" every minute should be universal by now... I love those things.
They're not cheap to license, especially from RSA. A good alternative may be Yubikeys.
Banks should issue them to everyone, employers should issue them to everyone...
Many have. The criminals have found ways to get around them:
http://www.schneier.com/blog/archives/2005/03/the_failure_of.html
http://www.schneier.com/essay-083.html
They certainly help, but they're no panacea. You also have to introduce mechanisms for when (!) people lose them: if your design depends on their presence, how do people get in without them? A lot more complicated than simply having people call in, answer a bunch of questions, and have it reset (and it being mailed to them perhaps).
Re:What's the point? (Score:4, Informative)
Re:To Change or Not To Change (Score:2, Informative)
a very common attack is where the attacker gets hold of the hashed passwords one way or another.
A system shouldn't make this easily available. The password file really should be hard to get. Besides giving you the hashed passwords, it also gives you a list of valid user names. Having to guess both the user names and the passwords makes breaking into a system much harder.