Issue No.01 - January/February (2006 vol.4)
Steve Bellovin , Columbia University
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2006.28
We are told that passwords are evil. We are told to change our passwords frequently, and never, never to write them down. We are even told that if you work for most U.S. corporations, frequent password changes are required by law. How much of this is true, and how much is simply mythology? Remarkably enough, the conventional wisdom can be wrong on all of these points, even the first.
email, passwords, authentication, single-sign-on
Steve Bellovin, "Unconventional Wisdom", IEEE Security & Privacy, vol.4, no. 1, pp. 88, January/February 2006, doi:10.1109/MSP.2006.28