Martin FowlerDec 7, 2022
Me /tries to do a quick something
site: enter your password
Me: fine
site: enter your one-time code
Me: already? but fine
site: your password will expire in 6 days. Change it now
Me: 🤬
Show threadMartin FowlerDec 7, 2022

And just to make it clear. "Regular password changing harms rather than improves security."

https://www.ncsc.gov.uk/collection/passwords/updating-your-approach#PasswordGuidance:UpdatingYourApproach-Don'tenforceregularpasswordexpiry

Password policy: updating your approach

Advice for system owners responsible for determining password policies and identity management within their organisations.

Show threadMisuse Case
@mfowler And there is no evidence behind the common requirement to change passwords on a schedule, someone at NIST thought it sounded like a good idea decades ago and most of us have been forced to do it ever since.
Dec 7, 2022 at 6:57pmWeb
Show threadbob.php Dec 14, 2022
@MisuseCase @mfowler i personally change mine after each dictionary attack. once they get to like the G's ill change it to start with an F 🤣 jk jk