Question

  • #4248697

    Optimal Password Prompt Frequency

    by gilberto.fernandezgr ·

    Hello! I’m currently working on an app development project for a company. As part of our security measures, I’m researching best practices for determining how frequently the app should prompt users to enter their passwords.

    Do you have any references or guidelines that could help inform this decision?


All Answers

    • #4248707

      No.

      by rproffitt ·

      In reply to Optimal Password Prompt Frequency

      At one job it was changed monthly. As most of us couldn’t remember it we all would write it down somewhere.

      “In fact, many experts believe forced, arbitrary password expiration actually does more harm than good.”

      If you want to make your security worse, make the passwords expire faster!

      • #4248730

        Have to agree with this

        by Wizard57M-TR ·

        In reply to No.

        I once worked for a large company that had forced password changes at monthly to 6 weeks maximum. To top that off, the passwords were always some 20 plus characters, including upper/lower case, special characters, numbers, symbols…no way any user could remember them!
        So, the solution used by almost all employees was to take a screenshot of your new password, then print it out on the printer. Fold it up and carry it in your pocket/purse/backpack etc. The other solution used by others was to have someone with the access to issue a new password to you, which then would be screenshotted and brought to you, on an almost daily basis. All of this hassle and employee inconvenience for practically no benefit to anyone. The primary threats always seemed to come from outside the company via network intrusion attempts. Corporate level people were also targeted more often via spam/phishing attempts, primarily because they were the ones that exempted themselves from the strict password policies!

        • #4249258

          Yes!

          by rproffitt ·

          In reply to Have to agree with this

          This was my experience as well.

        • #4253957

          Have to agree with this

          by umerisronaldo ·

          In reply to Yes!

          I once worked for a company that required password changes every 4-6 weeks with over 20-character passwords including various characters, making them impossible to remember. Employees coped by printing screenshots of their passwords or frequently getting new ones issued. This cumbersome process provided little benefit, as threats were mainly from external network intrusions. Ironically, corporate-level staff, who were more targeted by phishing, exempted themselves from these strict policies.

        • #4254331

          Reply To: Optimal Password Prompt Frequency

          by lucasbrownfromuk ·

          In reply to Have to agree with this

          I once worked at a company with strict password policies that employees circumvented due to difficulty, while corporate staff exempted themselves despite being prime phishing targets.

          • This reply was modified 5 months, 1 week ago by kees_b.
    • #4257310

      Balancing Security & Simplicity: Passwords & Solar Generators

      by ibizbysa ·

      In reply to Optimal Password Prompt Frequency

      I see you’re digging into the whole “how often should we annoy users with password prompts?” debate. From what I’ve seen (and experienced firsthand), going overboard with frequent password changes can backfire big time. People can’t remember complex passwords that change every month, so they end up writing them down or using other not-so-secure workarounds. It’s like trying to make things safer but actually opening more doors for trouble.

      This reminds me of choosing the best solar generator for your RV. You’d think, “Hey, let’s just get the most powerful one out there and call it a day!” But much like those overzealous password policies, you might end up with something so complicated and bulky that it takes up half your RV and requires a PhD to operate. Instead of enjoying a peaceful night under the stars, you’re stuck troubleshooting why your fridge and coffee maker can’t run at the same time. Meanwhile, that trusty, simple generator that fits perfectly in the storage compartment and quietly powers your essentials gets overlooked.

      So, just like with passwords, it’s about balance. Pick a solar generator that fits your actual needs—one that’s reliable and easy to use. Sure, it might not have all the bells and whistles, but it won’t leave you stranded in the middle of nowhere, staring at a manual thicker than a novel. Sometimes, practicality and a little common sense go a long way, whether you’re keeping your digital life secure or your morning coffee brewing in the great outdoors.
