我正在寻找有关频繁更改密码的安全影响的研究,研究每隔一两个月或类似情况强制更改一次密码带来的安全好处/问题。
有人知道吗?
最佳答案
Here是一篇关于密码策略的研究文章。它提到了人们应该更改密码的频率以及其他一些非常有趣的内容。以下是摘录。
Some experts say that periodic password changes will reduce the damage if an attacker intercepts a password: once the password is changed, the attacker is locked out. This assumes that the recovered password will not give the attacker any hints about the victim's current password. In fact, periodic password changes tend to encourage people to design sequences of passwords, like secret01a, secret01b, secret01c, and so on.
This allows users to easily choose and remember a new password when the old one expires. Such sequences are usually pretty obvious to an attacker, so any one of the victim's old passwords will probably provide the attacker with a reasonably small number of passwords to guess at.
关于security - 是否有支持或反对频繁更改密码的研究?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/767310/