https://xkcd.com/2869

Alt text:

Why couldn’t the amulet have been hidden by Aunt Alice, who understands modern key exchange algorithms?

  • LwL@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    11 months ago

    Yes, password expiry is generally considered bad practice and should only be triggered on demand if there’s suspicion of a security breach, precisely because it’s much more likely to lead to simple, less secure passwords. And when users change it, they will probably just add a number or something anyway, so it’s not going to stop a determined attacker from finding the new pw regardless.

    Which doesn’t stop a ton of organizations from requiring it anyway.