July 3, 2024 at 4:35 pm #4248697
Optimal Password Prompt Frequency
by gilberto.fernandezgr · about 6 months, 2 weeks ago
Hello! I’m currently working on an app development project for a company. As part of our security measures, I’m researching best practices for determining how frequently the app should prompt users to enter their passwords.
Do you have any references or guidelines that could help inform this decision?
All Answers
July 3, 2024 at 5:05 pm #4248707
No.
by rproffitt · about 6 months, 2 weeks ago
In reply to Optimal Password Prompt Frequency
At one job it was changed monthly. As most of us couldn’t remember it, we all would write it down somewhere.
“In fact, many experts believe forced, arbitrary password expiration actually does more harm than good.”
If you want to make your security worse, make the passwords expire faster!
-
July 3, 2024 at 5:46 pm #4248730
Have to agree with this
by Wizard57M-TR · about 6 months, 2 weeks ago
In reply to No.
I once worked for a large company that had forced password changes at monthly to 6 weeks maximum. To top that off, the passwords were always some 20 plus characters, including upper/lower case, special characters, numbers, symbols…no way any user could remember them!
So, the solution used by almost all employees was to take a screenshot of your new password, then print it out on the printer. Fold it up and carry it in your pocket/purse/backpack etc. The other solution used by others was to have someone with the access to issue a new password to you, which then would be screenshotted and brought to you, on an almost daily basis. All of this hassle and employee inconvenience for practically no benefit to anyone. The primary threats always seemed to come from outside the company via network intrusion attempts. Corporate level people were also targeted more often via spam/phishing attempts, primarily because they were the ones that exempted themselves from the strict password policies!
-
July 4, 2024 at 12:04 pm #4249258
Yes!
by rproffitt · about 6 months, 2 weeks ago
In reply to Have to agree with this
This was my experience as well.
-
August 4, 2024 at 1:57 pm #4253957
Have to agree with this
by umerisronaldo · about 5 months, 2 weeks ago
In reply to Yes!
I once worked for a company that required password changes every 4-6 weeks with over 20-character passwords including various characters, making them impossible to remember. Employees coped by printing screenshots of their passwords or frequently getting new ones issued. This cumbersome process provided little benefit, as threats were mainly from external network intrusions. Ironically, corporate-level staff, who were more targeted by phishing, exempted themselves from these strict policies.
-
August 6, 2024 at 8:58 am #4254331
Reply To: Optimal Password Prompt Frequency
by lucasbrownfromuk · about 5 months, 1 week ago
In reply to Have to agree with this
I once worked at a company with strict password policies that employees circumvented due to difficulty, while corporate staff exempted themselves despite being prime phishing targets.
- This reply was modified 5 months, 1 week ago by kees_b.
-
August 21, 2024 at 8:05 am #4257310
Balancing Security & Simplicity: Passwords & Solar Generators
by ibizbysa · about 4 months, 3 weeks ago
In reply to Optimal Password Prompt Frequency
I see you’re digging into the whole “how often should we annoy users with password prompts?” debate. From what I’ve seen (and experienced firsthand), going overboard with frequent password changes can backfire big time. People can’t remember complex passwords that change every month, so they end up writing them down or using other not-so-secure workarounds. It’s like trying to make things safer but actually opening more doors for trouble.
This reminds me of choosing the best solar generator for your RV. You’d think, “Hey, let’s just get the most powerful one out there and call it a day!” But much like those overzealous password policies, you might end up with something so complicated and bulky that it takes up half your RV and requires a PhD to operate. Instead of enjoying a peaceful night under the stars, you’re stuck troubleshooting why your fridge and coffee maker can’t run at the same time. Meanwhile, that trusty, simple generator that fits perfectly in the storage compartment and quietly powers your essentials gets overlooked.
So, just like with passwords, it’s about balance. Pick a solar generator that fits your actual needs—one that’s reliable and easy to use. Sure, it might not have all the bells and whistles, but it won’t leave you stranded in the middle of nowhere, staring at a manual thicker than a novel. Sometimes, practicality and a little common sense go a long way, whether you’re keeping your digital life secure or your morning coffee brewing in the great outdoors.