Tony Dye

MAKING IT EASIER TO DO
THE RIGHT THINGS

LINKS MAY BE MONETIZED

What About Recurring Password Changes?

Many system administrators have set policies in place that require regular password changes. Every six months. Every 90 days. Some even require a change every 30 days. Does this make sense?

In defense of system administrators (sometimes I am one), this is a reaction to otherwise bad password issues, and it’s probably a failed attempt to have people keep their passwords to themselves. My guess is that it backfires as often as it succeeds.

Changing passwords frequently is a good idea if you use bad passwords. Or short passwords. Or reuse passwords across multiple sites. Or especially if you share passwords with others! Of course, if you’re one of the people who does this (none of my readers, right?), then forcing a new password frequently probably just exacerbates the issue without really solving anything, and maybe even further encourages keeping a list of passwords written down. Horrors!

And then there are things like Heartbleed that mess up everything! Even if you followed every great password idea, you’re suddenly at risk. The solution, of course, is to change your password. Sadly, you really need to. You did all the right things, and this silly bug forces you to make a change.

Suggestion: start planning now. Use the same techniques to generate your next core password, now. Be prepared when you need it.

Last Updated: 9/30/2014