undefined | Better HN

0 pointsEun9y ago0 comments

True in some points. Password rotation is bad. But isn't it better to rotate a bad password than keeping a bad password?

Furthermore if you have a internal system, the administrator should enforce certainly password conditions. They could even forbid the use of old passwords...

0 comments

brudgers9y ago

One common criterion for a 'bad password' is a password that is already contained in a rainbow table or is easily generated upon creation of a new rainbow table.

If the current password is in the table, how long it has been in use doesn't matter.

Rotating passwords mostly addresses an internal workplace issue of sharing passwords between coworkers. That's a symptom of security culture problems and probably more deeply operational organization problems => why don't people have access to the tools they need when they need them?

j / k navigate · click thread line to collapse

0 pointsEun9y ago0 comments

True in some points. Password rotation is bad. But isn't it better to rotate a bad password than keeping a bad password?

Furthermore if you have a internal system, the administrator should enforce certainly password conditions. They could even forbid the use of old passwords...

0 comments

brudgers9y ago

One common criterion for a 'bad password' is a password that is already contained in a rainbow table or is easily generated upon creation of a new rainbow table.

If the current password is in the table, how long it has been in use doesn't matter.

j / k navigate · click thread line to collapse