password aging

Doug Gwyn gwyn at smoke.BRL.MIL
Tue Nov 29 02:51:03 AEST 1988


In article <17648 at adm.BRL.MIL> rbj at nav.icst.nbs.gov (Root Boy Jim) writes:
>I happen to believe that
>one should only choose *one* password *in their entire lifetime* and
>stick with it until one has reason to believe it has been compromised.

This should be modified somewhat; so long as the same encryption scheme
is being used, and the password is not thought to be vulnerable to the
standard attacks, one is sufficient until it is compromised.  However,
it would be folly to use your well-protected UNIX password on a public
BBS, for example, because very likely the password on the BBS is NOT so
well protected, and once it is stolen there it could be used to enter
your supposedly more secure system.  I tend to use a single (different)
password at each level of security, one for my accounts on public BBSes
and the like, where I don't much care if it's compromised, and one for
each type of protection (such as UNIX crypt()) on better-protected systems.

In response to Barry's suggestion that shadow (really, non-public)
password files are a panicky reaction to the Internet worm/virus:
I've recommended this for years.  AT&T adopted it for its MLS UNIX
well before the virus scare.  If done right, it adds a significant
amount of security to the typical UNIX system.  It's a good idea.
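One concrete way to check whether a system has actually moved its hashes out of the public file, as an added audit example that is not part of the original post (the sample entries below are constructed, and the marker set is an assumption about which second-field values mean "no hash stored here"):

```python
# Added audit example: flag /etc/passwd-style entries whose second field
# still carries a password hash, i.e. accounts not yet moved to a
# non-public (shadow) file, plus entries with an empty password field.

# Constructed sample input, not a real system file.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
gwyn:$6$constructedsalt$constructedhashvalue:1000:1000:Doug Gwyn:/home/gwyn:/bin/sh
daemon:*:1:1:daemon:/usr/sbin:/usr/sbin/nologin
guest::1001:1001:Guest:/home/guest:/bin/sh
lockeduser:!:1002:1002:Locked:/home/locked:/bin/sh
"""

# Second-field values taken to mean "hash lives elsewhere or login disabled"
# (assumed set; extend for your platform's conventions).
SHADOWED_MARKERS = {"x", "*", "!", "!!", "*NP*", "*LK*"}


def classify_passwd(text):
    """Return (unshadowed, passwordless) lists of usernames.

    unshadowed: entries with a hash sitting in the world-readable file.
    passwordless: entries whose password field is empty.
    Lines with other than 7 colon-separated fields are skipped as malformed.
    """
    unshadowed, passwordless = [], []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue
        user, pw_field = fields[0], fields[1]
        if pw_field == "":
            passwordless.append(user)
        elif pw_field not in SHADOWED_MARKERS:
            unshadowed.append(user)
    return unshadowed, passwordless


if __name__ == "__main__":
    bad, empty = classify_passwd(SAMPLE_PASSWD)
    print("hash stored in public file:", bad)
    print("empty password field:", empty)
```

To audit a live host, pass the contents of its passwd file to `classify_passwd` instead of the constructed sample; any name in the first list is an account whose hash is exposed to every local user.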


