Regularly changing your passwords is not enough


Your company and some websites force you to regularly change your passwords, like every three months or so. How often do you need to change your passwords for all your other logins (if at all)?

Lots of organizations require mandatory password changes because it's long been considered a security "best practice." However, there are pros and cons to that rule, so before you decide if you need to regularly change your other passwords, let's take a look at the times when changing your password often makes sense, and when it doesn't.

Why companies enforce password duration policies
When you change your password every few months, it limits how long a stolen password is useful to a stealthy attacker, that is, how long he or she has access to your account. If someone steals your password and you don't know about it, the attacker could eavesdrop for an unlimited time and glean all sorts of information about you or do other damage.

Therefore, for decades, many security guidelines have recommended frequent password changes, usually between 30 and 180 days. Windows Server has a default of 42 days.

However, in most cases, these might now be outdated policies or recommendations. At the very least, it's highly debatable that changing passwords frequently actually does increase security.

Why changing your passwords often may be a waste of time
A Microsoft study a couple of years ago found that mandatory password changes cost billions in lost productivity for very little security payoff. Other computer security resources (Purdue University, Health Informatics, and Life as a CIO blog, for example) point out that the "best practice" of frequently changing passwords does little to improve security but much to increase everyone's frustration. Users typically end up choosing variations on the same simple passwords (e.g., password3) or resorting to sticky notes taped to their laptops. In other words, in some cases password changing requirements could actually increase risk.

Security expert Bruce Schneier points out that in most cases today attackers won't be passive. If they get your bank account login, they won't wait two months hanging around, but will transfer the money out of your account right away. In the case of private networks, a hacker might be more stealthy and stick around eavesdropping, but he's less likely to continue to use your stolen password and will instead install backdoor access. Regular password changes won't do much for either of those cases. (Of course, in both instances, it's critical to change your password as soon as the security breach is found and the intruder blocked.)

In today's crazy hacker-friendly system, frequent password changes are less relevant than ever. The NIST says that password expiration policies are "irrelevant for mitigating cracking," because not only are hackers totally on to our clever password tricks, they've got more advanced hardware and software:

Generally, password expiration periods are not of much help in mitigating cracking because they have such a small effect on the amount of effort an attacker would need to expend, as compared to the effect of other password policy elements. Suppose that an organization reduced its password expiration period from 60 days to 30 days. An attacker would simply need to use twice the hardware resources to compensate for this change.

Hackers have machines that can break 348 billion NTLM password hashes per second. (NTLM is a password encryption algorithm used in Windows. At 348 billion NTLM hashes per second, any 8-character password could be broken in 5.5 hours.)
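As an added example (not from the original article or from NIST), this sketch works through the exhaustive-search arithmetic behind the NIST passage and the 348 billion hashes-per-second figure above. It assumes a 95-character printable-ASCII alphabet and a worst-case search at a constant rate; all function names are illustrative.

```python
NTLM_RATE = 348e9        # guesses per second, the figure quoted in the article
PRINTABLE_ASCII = 95     # assumption: passwords use the 95 printable ASCII characters
SECONDS_PER_DAY = 86400


def keyspace(length, charset=PRINTABLE_ASCII):
    """Number of candidate passwords of exactly `length` characters."""
    return charset ** length


def exhaust_seconds(length, rate=NTLM_RATE, charset=PRINTABLE_ASCII):
    """Worst-case time to try every candidate at `rate` guesses per second."""
    return keyspace(length, charset) / rate


def rate_needed(length, window_days, charset=PRINTABLE_ASCII):
    """Guess rate required to cover the whole keyspace before the password expires."""
    return keyspace(length, charset) / (window_days * SECONDS_PER_DAY)


def hardware_factor(length, window_days, rate=NTLM_RATE, charset=PRINTABLE_ASCII):
    """Multiple of one `rate`-speed rig needed to finish inside the expiration window.

    A value below 1 means a single rig finishes early, so the expiration
    period offers no protection against this kind of search at all.
    """
    return rate_needed(length, window_days, charset) / rate


def report(lengths=(8, 9, 10, 12), windows=(60, 30)):
    """Rows of (length, hours to exhaust, factor per window) for comparison."""
    rows = []
    for n in lengths:
        hours = exhaust_seconds(n) / 3600
        rows.append((n, hours, *[hardware_factor(n, w) for w in windows]))
    return rows


if __name__ == "__main__":
    print(f"{'len':>3} {'hours to exhaust':>18} {'rigs @60d':>12} {'rigs @30d':>12}")
    for n, hours, f60, f30 in report():
        print(f"{n:>3} {hours:>18.3g} {f60:>12.3g} {f30:>12.3g}")
```

Under these assumptions an 8-character keyspace is exhausted in a few hours, far inside either expiration window. Halving the window only doubles the hardware needed, while each extra character multiplies it by 95.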

So, really, changing all your passwords every 30 or 90 days isn't very worthwhile and isn't likely to increase your security. That's a good thing, because many of us would rather clean the toilet than change our passwords.

Accounts for which you might want to change your passwords regularly
As is usually the case, there are exceptions. For certain types of accounts, hackers may be more likely to "listen in" and silently stick around for months until they glean important information from you. Schneier points out that if your kid sister or the tabloid press (if you're a celebrity of some sort) has your Facebook password, for example, they'll likely listen until you change your password, which could be months or years if you never find out about it.

In general, this is Schneier's advice:

You don't need to regularly change the password to your computer or online financial accounts (including the accounts at retail sites); definitely not for low-security accounts. You should change your corporate login password occasionally, and you need to take a good hard look at your friends, relatives, and paparazzi before deciding how often to change your Facebook password. But if you break up with someone you've shared a computer with, change them all.

I would add you might consider regularly changing passwords for communication-type sites that don't have two-factor authentication: Email, especially, and things like IM or conferencing services. These are more snoop-friendly services where hackers might listen in for months before you find out. (On the other hand, you really should be using an email service with two-factor authentication, since it's a goldmine for hackers if they can get into it. It's probably the most important account for you to secure, along with your password manager and computer account.) Some services, including Gmail, Facebook, and Dropbox, show you active sessions, so as a general security precaution, you can check those to make sure no one else is logging into your accounts.

Above all else: Beef up your security in general
It's much more important that you choose a unique password for all accounts, one as long as possible, and strengthen all your other security options (two-factor authentication, making your password recovery questions unguessable, and backing everything up), because, in the end, strong passwords aren't enough, no matter how often you change them.

If you have any weak or duplicate passwords anywhere, definitely change them as soon as possible. Also consider each regular security breach a reminder to audit and update not just your passwords, but your security setup in general, if needed. After all of that, enjoy the peace of mind that you're doing the best you can, and save yourself the hassle of changing all your passwords on a schedule.


Source: http://www.nbcnews.com/technology/technolog/how-often-should-you-change-your-passwords-1C7511554


Live chat: Army football, today at 2:30 p.m.

Published: 2:00 AM - 12/08/12
Last updated: 2:00 PM - 12/08/12

Join Sal Interdonato, Kevin Gleason and Will Montgomery for a live chat on the Army-Navy game Saturday starting at 2:30 p.m. and running throughout the game.

Here is the link:



Source: http://recordonline.com/apps/pbcs.dll/article?AID=/20121208/SPORTS12/121209768/-1/rss02


Obama's Medicaid expansion: How many states are likely to rebel?

The Supreme Court ruled that states do not have to abide by the expansion of Medicaid under President Obama's health-care law. There are strong economic arguments on both sides.

By Peter Grier, Staff writer / December 8, 2012

Alvin Hoover, CEO of King's Daughters Medical Center in Brookhaven, Miss., stands by the emergency-room station. He says hospital administrators worry that without a Medicaid expansion, they could be saddled with rising costs from treating uninsured patients.

Rogelio V. Solis/AP/File


What states will participate in Obamacare's expansion of the Medicaid program? The answer to that will have a profound effect on national and state health-care budgets and the number of uninsured US residents for years to come.

The president's signature Affordable Care Act raises the income level for Medicaid eligibility up to 133 percent of the federal poverty line. That's one of the major ways the health reform attempts to expand coverage. If all states participate, 21 million will get Medicaid coverage, reducing the number of uninsured in America by 48 percent, according to a Kaiser Family Foundation analysis.

But the Supreme Court ruling which upheld ACA's core individual mandate for health insurance also held that Uncle Sam can't make states go along with the Medicaid expansion. So right now, governors and state legislators across the country are facing a tricky decision: Should they dive in and accept the expansion? After all, the federal government is promising to pay virtually all the costs of such a move, at least for now.

Or should they decline to join in something which could eventually gobble a larger share of their states' budgets?

So far, twice as many states have said "yes" as have said "no." According to a review by consulting firm Avalere Health cited in The Washington Post's Wonkblog, there are 17 participant states as opposed to 9 confirmed nonparticipants.

The breakdown here is generally along red state/blue state lines, as determined by which party holds the governor's office. Texas and Florida both said "no," for instance. (Yes, President Obama won Florida, but the GOP's Rick Scott is governor.) Maryland, Illinois, and California are "yeses."

Source: http://rss.csmonitor.com/~r/feeds/csm/~3/YAvqT90ADdE/Obama-s-Medicaid-expansion-How-many-states-are-likely-to-rebel


lauretta scarlatti: The Natural Thyroid Diet. | Top Health & Fitness ...


Source: http://fuentessid309.typepad.com/blog/2012/12/lauretta-scarlatti-the-natural-thyroid-diet-top-health-fitness.html


'Amour' takes top prize from LA film critics

LOS ANGELES (AP) - The French-language drama "Amour" has been chosen as the year's best film by the Los Angeles Film Critics Association, whose prizes are among a flurry of year-end honors that help sort out the Academy Awards race.

Among other honors the group announced Sunday, the 1950s cult drama "The Master" earned three awards: best director for Paul Thomas Anderson, best actor for Joaquin Phoenix and supporting actress for Amy Adams.

"The Master" also was chosen as best-picture runner-up.

"Amour" star Emmanuelle Riva, who plays an elderly, ailing woman being cared for by her husband, shared the best-actress honor in a tie with Jennifer Lawrence for the lost-soul romance "Silver Linings Playbook."

Newcomer Dwight Henry was chosen as supporting actor for the low-budget critical darling "Beasts of the Southern Wild."

Source: http://news.yahoo.com/amour-takes-top-prize-la-film-critics-233040603.html


Why Not Build This Year's Gingerbread House Using CAD and Lasers?

We've all seen our fair share of crooked gingerbread houses, daubed with frosting to the point where they look less like a building and more like a bomb site. Johan von Konow has a solution to that problem, though: design the building using CAD and manufacture it using laser cutters.

Source: http://feeds.gawker.com/~r/gizmodo/full/~3/wdtFonM4EJg/why-not-build-this-years-gingerbread-house-using-cad-and-lasers


Ennyman's Territory: Short Stories

"Short fiction seems more targeted - hand grenades of ideas, if you will. When they work, they hit, they explode, and you never forget them. Long fiction feels more like atmosphere: it's a lot smokier and less defined." - Paolo Bacigalupi

There's nothing quite like a good story well told. The appeal of many of Dylan's songs is the storytelling. Songs like Fourth Time Around, Tangled Up In Blue and Lily, Rosemarie and the Jack of Hearts have as their key feature the essence of a good story: the reader or listener's anticipation. "What happens next?" Every line transports you into the unknown and you go with it.

At one time short story writers could make very good money. In the days before movie theaters and television, magazines like The Saturday Evening Post offered some of the best entertainment around. And they paid well to get marquee writers like Jack London and F. Scott Fitzgerald on their covers.

Another master of the short story form was Anton Chekhov, whose output was remarkable considering he made his living as a physician and was dead by age 44. Of this dual career he once wrote, "Medicine is my lawful wife and literature my mistress; when I get tired of one, I spend the night with the other." Three years ago I shared here one of my favorite short stories of all time, Chekhov's The Bet.

What gave Chekhov's stories such impact was his recognition of the importance of every line, every detail. He is famously cited as stating, "If there is a gun hanging on the wall in the first act, it must fire in the third." (Chekhov was also a playwright.)

Jorge Luis Borges is another great short story writer whose influence was considerable. A number of my own stories drew inspiration from this Argentine magician who brought Minotaurs to life and resurrected the roots of forgotten worlds through literary sleight-of-hand. My Duel of the Poets (translated into Croatian in 1996) and Unremembered History of the World were germinated from Borges' seeds.

All this to say that I'd been wrestling with the development of two characters in a new short story I've been working on called The Echo. Friday night's Valtari Experience proved to be just the jolt I needed, smashing inner barricades and releasing new flashes of light that might help guide me through the next portion of my inward maze.

What will happen next in this series of dreams? Field upon field or the destination of a lifetime?

Featured eBook of the Day: Unremembered Histories

Source: http://pioneerproductions.blogspot.com/2012/12/short-stories.html


Diversity showing in Oklahoma GOP

on December 8, 2012 at 7:00 am

Oklahoma Republicans who typically oppose affirmative-action programs are nonetheless leading the way to greater diversity in state government.

Gov. Mary Fallin is the state's first female governor. State Rep. T.W. Shannon will soon be the first black speaker of the Oklahoma House. And he just appointed the first woman to serve as House floor leader, state Rep. Pam Peterson of Tulsa.

Peterson is a staunch conservative noted for seeking to reduce and provide alternatives to abortion, but her resume also includes work on Department of Human Services' reform and the battle against human trafficking.

More importantly, Peterson is known for her willingness to take the heat on tough issues. In 2010, she debated against a bill allowing open carry of firearms, warning its unintended consequences could include an increase in privately owned businesses banning firearms on store property. Peterson, a concealed-carry permit holder with an NRA "A" rating, noted that would effectively reduce the ability of citizens to protect themselves.

Although she supported subsequent versions of the gun proposal, that episode demonstrated her willingness to carefully critique issues and take a stand even in the face of heated opposition from interest groups. That's a good quality for a floor leader, who largely determines what bills are heard on the House floor, and it speaks well of Shannon for appointing Peterson.

Citizens may not always agree with Peterson, but they will know where she stands and that she conscientiously weighs policy decisions.


Source: http://blog.newsok.com/scissortales/2012/12/08/diversity-showing-in-oklahoma-gop/
