Frequent password changes are the enemy of security, FTC technologist says
Source: Kristian Köhntopp – Google+
Since the 1980s I’ve been advocating the above opinion and I’m glad some people now agree with me.
If you ever hire or employ me and force such a regular password change policy upon me without allowing me to use a password manager that can communicate securely with the cloud (which means you don’t play TLS man-in-the-middle), then I will either:
- create a password-change script that invalidates the password history you keep and re-use my really secure password of choice.
- if that fails: add an incrementing value to a reasonably secure base password.
–jeroen