snorremd | 1 year ago

This! Requiring frequent changes just makes people who don't use password managers choose weaker passwords to be able to remember them easily. And they're almost guaranteed to just choose the same password as before with a new postfix or prefix: "mychildhoodteacher1", "mychildhoodteacher2", etc.

It would be better to encourage users to use a single random four-word passphrase and stick to that forever. Add 2FA and you are golden. But legacy systems gonna legacy. I still see systems with max password lengths of 12 characters in the wild, and no 2FA to boot. It's been a while since I got my password back in clear text though, so perhaps we're moving in the right direction.
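The two ideas in the comment above, a random multi-word passphrase and the predictable "same base, new suffix" rotation, as an added example that is not part of the comment or the thread. The wordlist here is a small constructed stand-in; the entropy figure assumes a real diceware-style list of 7776 words, and the rotation check is a simple heuristic of my own (strip leading and trailing digits and punctuation, then compare case-insensitively), not any particular product's policy engine.

```python
import math
import re
import secrets

# Constructed stand-in for a real wordlist. A diceware list has 7776 entries;
# that size is what the entropy figure below assumes.
SAMPLE_WORDLIST = [
    "copper", "lantern", "orbit", "velvet", "thistle", "harbor",
    "quartz", "meadow", "signal", "walnut", "ember", "glacier",
]
DICEWARE_SIZE = 7776


def passphrase(wordlist, n_words=4, sep=" "):
    """Pick n_words uniformly at random with the CSPRNG-backed secrets module.

    random.choice would be the wrong tool here: it is seeded from a
    Mersenne Twister and is not meant for secrets.
    """
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def passphrase_entropy_bits(wordlist_size, n_words):
    """Entropy of n independent uniform picks from a list of the given size."""
    return n_words * math.log2(wordlist_size)


# Strips leading/trailing digits, punctuation and underscores so that
# "mychildhoodteacher1", "2mychildhoodteacher!" and "Mychildhoodteacher"
# all reduce to the same core. Heuristic, constructed for this example.
_TRIM = re.compile(r"^[\d\W_]*(.*?)[\d\W_]*$", re.DOTALL)


def password_core(pw):
    return _TRIM.match(pw).group(1).casefold()


def is_predictable_rotation(old, new):
    """True when the new password is the old one with only a prefix/suffix change.

    A rotation policy that accepts such pairs is buying almost nothing: an
    attacker holding the old password tries a handful of suffixes and is in.
    """
    old_core, new_core = password_core(old), password_core(new)
    return old != new and new_core != "" and old_core == new_core


if __name__ == "__main__":
    p = passphrase(SAMPLE_WORDLIST)
    print("sample passphrase:", p, "(length", len(p), "chars)")
    print("4 diceware words: %.1f bits" % passphrase_entropy_bits(DICEWARE_SIZE, 4))
    print("rotation detected:", is_predictable_rotation("mychildhoodteacher1", "mychildhoodteacher2"))
```

Four diceware words give roughly 51.7 bits, and such a passphrase is usually well over 12 characters, which is exactly why a 12-character maximum forces users back toward the short, incremented passwords the comment describes.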
