Ok, why change passwords on a schedule?

By AnsuGisalas ·
Tags: Off Topic
This came up recently, and left me unconvinced.
What is the point in forcing regular password changes?
Reasons, rationale, justifications... what are they?

I think it's the idea of keeping a moving target

by NickNielsen In reply to Ok, why change passwords ...

I change mine because I'm forced to, and I do the same thing everybody else in that situation does: I work sequentially: password1, password2, password3, etc. I know that's not the intent, but I have to remember 9 passwords for work. I'll be darned if I'm going to make it hard on myself.

Exactly

by AnsuGisalas In reply to I think it's the idea of ...

If people can remember 9 passwords, they should preferably be 9 good passwords, for 9 different sites.

But that's the problem

by NickNielsen In reply to Exactly

People don't remember 9 different passwords, they remember just one, for 9 different sites.

All 9 of mine are quite similar, but not identical. Again, I'm not going to make it any harder than it has to be.

That's the problem...

by AnsuGisalas In reply to But that's the problem

People have limited patience with security.
Heck, I know that logging in as admin isn't safe for day to day stuff, but I still can't get used to not being able to do those three semi-rare things that require admin status without *gasp* changing users for half an hour.
But focusing on a few meaningful measures and hammering them in loud enough, people could learn to use at least different security levels of passwords. To have f.ex. one unique for banking, one unique for official crap, one for low-security activities and one for potential risk activities. That falls within the 3+2 range of different things people can remember, and it makes a big difference both over low-difficulty passwords and over having the same passwords for critical and risky/lowsec activities.

I have lots of patience with security

by NickNielsen In reply to That's the problem...

My passwords are all based on a strong phrase that includes case changes, numbers, and special characters and gets a 71% from Password Meter. All the passwords based on that phrase (except two) score 90% or better. The two exceptions do not allow me to use the entire phrase because they are limited to 8 alphanumeric characters, but they are only valid inside a physically secured area.

multiple reasons.

by .Martin. In reply to Ok, why change passwords ...

If someone is trying to get into your computer without your knowledge, it is harder if the password is changing, i.e., every time the password changes, they essentially have to start again.

If someone knows your password, and is using your account without your permission, if you change the password, they are locked out.

And how often are good passwords cracked?

by AnsuGisalas In reply to multiple reasons.

The bad guys spend their resources wisely, why spend time cracking "1kz3hARjeeEa" when they can crack 10^6 instances of "admin" in the same time?
