Reply to post: Pointless

Stop resetting your passwords, says UK govt's spy network

RFC822

Pointless

The main reason for changing passwords periodically is to reduce the window of opportunity during which a compromised password can be exploited.

Of course, most compromised passwords will be used immediately after they have been compromised, so changing passwords every 30/60/90 days is pretty pointless. However, the user has to remember yet another password - and is quite likely to choose a less secure one in the haste to satisfy the password-reset requirement.

Good to see some sensible advice being provided.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019