Security of using sudo rather than su?
Alan McKinnon
alan at linuxholdings.co.za
Fri Sep 15 07:39:59 UTC 2006
On Thursday 14 September 2006 19:39, Adam Funk wrote:
> > Some of them keep the same password on all machines for
> > years...
>
> I'm under the impression that forcing users to change
> passwords very frequently (and I realize you're not
> necessarily advocating *frequent* changes) is bad for
> security --- because the increased cognitive load leads them
> to pick lower-quality passwords than they might otherwise use
> and to try to rotate them (e.g. 4lm0nds1 -> 4lm0nds2 ->
> 4lm0nds3 and so on until the system will let them use the
> first one again).
I always found that when strong passwords are enforced,
knowledgeable users decide that it's far less work to hack the
auth system than to remember passwords that change
frequently...
alan
More information about the ubuntu-users
mailing list