A public school student in Falls Church, Va., created quite a stir a few weeks ago when he accessed the school district's computer system and changed some teachers' passwords. At first officials thought a hacker had broken into the system, but it turned to be a nine-year-old boy who stole a password off a teacher's desk. As Robert McMillan of IDG News Service reports, the episode suggests the importance of managing passwords properly.

The conventional wisdom on password management may not be so wise overall, however, according to some new research out of Microsoft. PCMagazine's Neil J. Rubenking writes that the cost of requiring users to change passwords frequently may outweigh the benefits. Stealing passwords via phishing schemes or key logging is one of the more efficient ways of breaching a system, and since hackers aren't likely to wait any significant period of time before using stolen passwords, changing them often doesn't provide much protection, the researchers maintain.

Requiring users to come up with new, complicated passwords every couple months may be an expensive and time-consuming task with little clear benefit. But simpler rules, such as not leaving passwords on sticky note on the desk, may still make sense.

For more:
- see Robert McMillan's article at Computerworld
- see Neil J. Rubenking's article at PCMagazine

Related Articles:
Answers to "Secret Questions" too easy to guess
Password hacking gets personal
New rules for password security