undefined | Better HN

0 pointscoder5434y ago0 comments

Password rotation does not strengthen security.

0 comments

Explain?

The intent of the policy doesn't match the real-world implementation of users. Users are lazy. Users will alter a single character or digit in the password and call it changed.

Most people don't use password managers, and some companies block their usage. Now add a requirement of a "secure" password.

nixpulvis4y ago

Automated password rotation would use machine generated highly secure passwords. I do not see your point.

This issue for master passwords is a bit harder, yes.

2 more replies

j / k navigate · click thread line to collapse

0 comments

nixpulvis4y ago

Explain?

Zxian4y ago

The intent of the policy doesn't match the real-world implementation of users. Users are lazy. Users will alter a single character or digit in the password and call it changed.

Most people don't use password managers, and some companies block their usage. Now add a requirement of a "secure" password.

nixpulvis4y ago

Automated password rotation would use machine generated highly secure passwords. I do not see your point.

This issue for master passwords is a bit harder, yes.

2 more replies

j / k navigate · click thread line to collapse