Zorin =^o.o^=May 12, 2023

I really hate password/PIN code expiration. It WORSENS security, because you're forced to remember a new password/PIN and after forgetting it a few times will probably write it down. Or you might be tempted to use an easier to remember and less secure password.

NIST no longer recommends expiring credentials regularly. PLEASE STOP DOING THIS.

Show threadTheta Sigma
@zorinlynx this is particularly true if, as some workplaces do, you’re required to change your password every month, because that’s simply far too frequently to commit a serious password to memory, particularly if you have multiple passwords to remember. (My first long term job - when I left I had just updated my password to letmein62).
May 14, 2023 at 9:35amWeb