@h @pyrex I've read on some social media site that forced password changes are a bad idea because they make people use worse passwords and save them insecurely, and because they are a pain.
Also, if these become more normal, phishing emails using these kinds of messages to make you give them your password may appear less fishy.
Keep in mind I don't know a lot about what I'm currently talking about.
@h @funlater @pyrex That’s right. NIST, the standards org, told everyone to stop making people change their passwords on a schedule, because it leads to people choosing weaker passwords.
IMO, websites should not email you about changing your password. They should email you to notify you when there’s been a breach.
They should nuke the passwords of everyone affected after a breach and force them to choose a new password next time they want to log in.