Security of using sudo rather than su?

Alan McKinnon alan at
Fri Sep 15 07:39:59 UTC 2006

On Thursday 14 September 2006 19:39, Adam Funk wrote:
> > Some of them keep the same password on all machines for
> > years...
> I'm under the impression that forcing users to change
> passwords very frequently (and I realize you're not
> necessarily advocating *frequent* changes) is bad for
> security --- because the increased cognitive load leads them
> to pick lower-quality passwords than they might otherwise use
> and to try to rotate them (e.g. 4lm0nds1 -> 4lm0nds2 ->
> 4lm0nds3 and so on until the system will let them use the
> first one again).

I always found that when strong passwords are enforced, 
knowledgeable users decide that it's far less work to hack the 
auth system than to remember passwords that change 


More information about the ubuntu-users mailing list