« Home | "Free" certification exam for Live Communications ... » | Microsoft Office Genuine Advantage (OGA) Validatio... » | Microsoft Windows Genuine Advantage (WGA) Validati... » | Microsoft Product Licensing » | Windows Live™ Messenger Beta available » | Earn £20k Reward For Reporting Software Piracy » | IE7 Beta 2 Released » | Crossing the Limits » | BangaloreITPro - Windows Server 2003 R2 Launch » | An Indian in the WWE! »

This blog has moved to its own domain. Please visit Ashwin's Blog for the all-new Ashwin's Tech Blog and bookmark it. The new site has much more content and some new sections, and you can read about them here and here. You can subscribe to full RSS feeds of all the sections from here. This blogspot site will no longer be updated, except in case of emergencies, if the main site suffers a prolonged outage. Thanks - Ashwin.

Security Myths and Passwords

A good article on Security Myths and Passwords on Cerias Weblog

In the practice of security we have accumulated a number of “rules of thumb” that many people accept without careful consideration. Some of these get included in policies, and thus may get propagated to environments they were not meant to address. It is also the case that as technology changes, the underlying (and unstated) assumptions underlying these bits of conventional wisdom also change. The result is a stale policy that may no longer be effective…or possibly even dangerous.

Policies requiring regular password changes (e.g., monthly) are an example of exactly this form of infosec folk wisdom.

From a high-level perspective, let me observe that one problem with any widespread change policy is that it fails to take into account the various threats and other defenses that may be in place. Policies should always be based on a sound understanding of risks, vulnerabilities, and defenses. “Best practice” is intended as a default policy for those who don’t have the necessary data or training to do a reasonable risk assessment.




Return Home

About me

  • I'm Ashwin Kini
  • From Mumbai, Maharashtra, India
My profile



Locations of visitors to this page

Enter your email address:




Add to Google

Subscribe in NewsGator Online

Subscribe in Rojo

Add Ashwin's Blog to Newsburst from CNET News.com

Add to My AOL

Subscribe in FeedLounge

Add to netvibes

Subscribe in Bloglines

Subscribe with Bloglines

Add to Bitty Browser

Add to Plusmo

Subscribe in NewsAlloy

Add Ashwin's Blog to ODEO

Subscribe in podnova

iPing-it!

Creative Commons License

Firefox 2

Firefox Flicks!

Get Thunderbird!

Get Firefox!

Firefox 2

My Blog at Adoppt
Powered by Blogger
 

india