undefined | Better HN

0 pointsnixpulvis4y ago0 comments

Automated password rotation would use machine generated highly secure passwords. I do not see your point.

This issue for master passwords is a bit harder, yes.

0 comments

Sohcahtoa824y ago

> Automated password rotation would use machine generated highly secure passwords.

Which will result in two things:

1. LOTS of calls to IT from forgotten passwords

2. People writing their passwords down on sticky notes.

missingrib4y ago

I don't really see the issue with people writing their passwords down on sticky notes.

1 more reply

the_snooze4y ago

If you're using machine-generated passwords, then what's the point of rotating them?

ryanisnan4y ago

Breaches happen. You can't always be sure you (or dictionaries) will know.

the_snooze4y ago

Even assuming a silent breach happens, it's unclear what's the value-add of password rotation in the context of other solutions that are less burdensome on the user: proper hashing of password databases (in case of a password DB breach) and risk-based authentication (in case of an inadvertent disclosure, like in logs).

j / k navigate · click thread line to collapse

0 comments

Sohcahtoa824y ago

> Automated password rotation would use machine generated highly secure passwords.

Which will result in two things:

1. LOTS of calls to IT from forgotten passwords

2. People writing their passwords down on sticky notes.

missingrib4y ago

I don't really see the issue with people writing their passwords down on sticky notes.

1 more reply

the_snooze4y ago

If you're using machine-generated passwords, then what's the point of rotating them?

ryanisnan4y ago

Breaches happen. You can't always be sure you (or dictionaries) will know.

the_snooze4y ago

j / k navigate · click thread line to collapse