Password Expiration revisited

I previously posted a defense of password expiration on this blog.  Since that time, my perspective has changed and I no longer consider password expiration to be a useful security measure.  Here is my reasoning, reposted from my current blog: Password Expiration One common bit of advice with respect to security is to require frequent…


In defense of password expiration

[Edit: This entry was posted in 2006.  I no longer consider password expiration to be a useful security measure.  Please see my new post on this topic here or here.  I've also added some in-line comments below.]   Recently, as noted on Slashdot, Gene Spafford, author of Practical Unix and Internet Security and one of…


LOPSA at LISA

I’m in San Diego attending LISA this week. LISA is, by far, the most useful conference I’ve ever attended. It also happens to be the best place in the world to meet the authors of one’s favorite O’Reilly books. So far I’ve seen Tom Limoncelli, Randal Schwartz, Elizabeth Zwicky and AEleen Frisch roaming the halls….
