Issue No. 01 - January/February (2006 vol. 4)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2006.28
Steve Bellovin , Columbia University
We are told that passwords are evil. We are told to change our passwords frequently, and never, never to write them down. We are even told that if you work for most U.S. corporations, frequent password changes are required by law. How much of this is true, and how much is simply mythology? Remarkably enough, the conventional wisdom can be wrong on all of these points, even the first.
email, passwords, authentication, single-sign-on
Steve Bellovin, "Unconventional Wisdom", IEEE Security & Privacy, vol. 4, no. , pp. 88, January/February 2006, doi:10.1109/MSP.2006.28