Unconventional Wisdom
22 Citations•2006•
S. Bellovin
IEEE Secur. Priv.
No TL;DR found
Abstract
We are told that passwords are evil. We are told to change our passwords frequently, and never, never to write them down. We are even told that if you work for most U.S. corporations, frequent password changes are required by law. How much of this is true, and how much is simply mythology? Remarkably enough, the conventional wisdom can be wrong on all of these points, even the first.