[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Dear Linkedin,

Subject: Dear Linkedin,
From: johnl at iecc.com (John Levine)
Date: 8 Jun 2012 21:59:20 -0000
In-reply-to: <[email protected]>

>Yes; of course if most of those accounts are moribund and unused then you don't need
>to change them so often, but the passwords you use frequently should be changed at
>regular intervals.
>
>It's pretty commonsensical once the threat is understood.

Given that most compromised passwords these days are stolen by malware
or phishing, I'm not understanding the threat, unless you're planning
to change passwords more frequently than the interval between malware
stealing your password and the bad guys using it.

I agree that keeping a big file of unsalted hashes is a dumb idea, but
there isn't much that users can do about services so inept as to do
that.

R's,
John

Follow-Ups:
- Dear Linkedin,
  - From: alec.muffett at gmail.com (Alec Muffett)

References:
- Dear Linkedin,
  - From: alec.muffett at gmail.com (Alec Muffett)

Prev by Date: LinkedIn password database compromised
Next by Date: BGP Update Report
Previous by thread: Dear Linkedin,
Next by thread: Dear Linkedin,
Index(es):
- Date
- Thread