Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Often Should You Change Your Password?

Posted by CmdrTaco on from the every-eight-seconds dept.

jhigh writes "Bruce Schneier asks the question, how often should you change your password? 'The primary reason to give an authentication credential — not just a password, but any authentication credential — an expiration date is to limit the amount of time a lost, stolen, or forged credential can be used by someone else. If a membership card expires after a year, then if someone steals that card he can at most get a year's worth of benefit out of it. After that, it's useless.' Another reason could be to limit the amount of time an attacker has to crack the password, but Bruce's analysis seems on target."

7 of 233 comments (clear)

  1. What's the point? by fieldstone · · Score: 1, Informative

    If someone steals your password, as I learned when my gmail account was hacked, the first thing they're going to do if they know anything is change both your password and your security questions. The only way changing your password will help is if the person who's stolen it is too dumb to do this, and that seems unlikely.

    1. Re:What's the point? by clang_jangle · · Score: 3, Informative

      Maybe I'm missing something here, but what's the problem with allowing the browser to remember logins for you if you don't ever allow anyone else to use your computer?

      The browser can be hacked; most of them have been at one time or another. Any data stored in the browser can potentially be retrieved by a third party. Personally, I consider memorizing a few passwords and their variants to be effort well-invested,

      I'm reasonably sure the way my account was hacked was when I stupidly logged into it on someone else's computer.

      That's one way it can happen.

      --
      Caveat Utilitor
    2. Re:What's the point? by rvw · · Score: 3, Informative

      If my goal is to use your GMail account for spam then yes, I will change the password. If my goal is to monitor your emails I most certainly will not change the password, and will just log in every day to read your correspondence.

      That's an excellent point. Unfortunately, even a regular change-of-password routine means that the malicious party gets a month, or three months, or six months, or what-have-you length of time following your account.

      This is why I am annoyed that so few systems implement the simple precaution of displaying the last date, time, and location from which I (putatively) logged in. At negligible cost, that information would allow me to detect a compromised account at next login, rather than remaining unknowingly insecure until my next password change.

      Gmail displays this information in the footer of the page. However, you must be aware of this, and you have to know what it means, what your IP-address is, etc. I know this info exists, but I almost never look at it to be honest.

    3. Re:What's the point? by moderatorrater · · Score: 3, Informative

      But TFA did - he mentions how after breaking up with someone you shared a computer with you should change all of your passwords. Almost like Bruce Schneier has had experience with that...

  2. Re:Case to case by Anonymous Coward · · Score: 2, Informative

    Bruce makes that same point in the full article, it just wasn't mentioned in the summary. ...yeah yeah, nobody RTFAs :(

  3. Re:Those key fob things should be universal by Anonymous Coward · · Score: 1, Informative

    Passwords are so 1990. I realize that it requires a little extra work, but those RSA-type key fobs that have the little LCD that displays a new "passcode" every minute should be universal by now... I love those things.

    They're not cheap to license, especially from RSA. A good alternative may be Yubikeys.

    Banks should issue them to everyone, employers should issue them to everyone...

    Many have. The criminals have found ways to get around them:

    http://www.schneier.com/blog/archives/2005/03/the_failure_of.html
    http://www.schneier.com/essay-083.html

    They certainly help, but they're no panacea. You also have to introduce mechanisms for when (!) people lose them: if your design depends on their presence, how do people get in without them? A lot more complicated than simply people having calling in, answering a bunch of questions, and having it reset (and it being mailed to them perhaps).

  4. Re:To Change or Not To Change by SnarfQuest · · Score: 2, Informative

    a very common attack is where the attacker gets hold of the hashed passwords one way or another.

    A system shouldn't make this easily avaiolable. The password file really should be hard to get. Besides giving you the hashed passwords, it also gives you a list of valid user names. Having to guess both the user names and the passwords makes breaking into a system much harder.

    --
    Who would win this election: Andrew Weiner vs Andrew Weiner's weiner.