Re: No more Bugzilla for me

[Ralf Corsepius <rc040203 freenet de>]

Jesse Keating wrote:
> On Wed, 2009-04-22 at 14:31 +1000, Rodd Clarkson wrote:
> > Ah, I'm a little confused.
> >
> > All that was requested was a change of password.  This doesn't stop Joe
> > Public from signing up and accessing bugzilla, and presumably doesn't
> > stop Joe from viewing leaky NDA's.
> >
> > All it seems to do is make me have to change a password.
> >
> > Surely if there are leaks using the old password, then there's still
> > leaks with my new password (which is actually my old password since I
> > went back in and changed it back).
>
> There is a theory that changing passwords on a regular bases lessens the
> risk of somebody's password being stolen and used nefariously.
There are studies, which state to counterprove such statements (Sorry, 
nor reference at hand).

They claim the key to password security is to use strong passwords, 
while frequently changing passwords only cause users to reuse the same 
or variations of the weak passwords they already used elsewhere.

Ralf