
Some useful advice from Maastricht University about your password


G+_George Kozi

Tim Box I see that as a false choice.

It's a question of mitigating risk. If you're worried about password reuse attacks (as you should be) then unique complicated passwords are the way to go.

However, if you're worried about a password getting leaked and you not knowing about the leak, then changing your password will help with that. Complicated passwords are significantly harder to crack but offer no protection once your password is known.

Best security is to use a password manager (or other super complicated and non-reused passwords) AND regularly change your password. But that's burdensome because most websites don't allow you to do that easily, and most people don't want to track that.

So, if constantly changing your password will result in a weaker password, I tend to agree... but it doesn't HAVE to.


John Mink

As I said "Better you use a password app and have very hard passwords."

If your password gets hacked then it's just the one site and 99% of sites at least hash them so it's going to be hard.

In my days in a big company you would end up using the same password and changing a number at the end every time you were forced to change them.

Even the man who started the change your password frequently says now it's a bad idea

A nice article on it from Wired

wired.com - Want Safer Passwords? Don't Change Them So Often | WIRED


Tim Box I think we're arguing two separate but similar points.

For someone doing what you describe (changing the number at the end, to match the month for instance, so the password is technically different...as I too have seen people do) then yes, they're better off not changing them. If you're using a password manager and having it generate the password based on the ruleset provided by the company...then by all means, change it as often as you can.

But maybe you're right as this poster is meant for the average person who isn't using a password manager anyway. So maybe "change it often" would be taken as "don't make it too complicated". In that case, I'm with you.
