||[Aug. 29th, 2009|10:39 am]
Mr. Scruffy Detective
I work at a company where I have 6 different user IDs and passwords and the passwords need to be changed every 6 months. I've been trying to come up with a reason that it's safer to regularly change your password, but I can't. I can only come up with reasons it's worse.|
The only way I can see changing your password helps is if someone already knows it and is just using your account without your knowledge. That or if it takes 6 months and 1 day to crack the password.
My school keeps sending me alerts that my password will expire (which I've been ignoring since I don't go there any more) but it contains this line:
The password cannot contain your name or userID and must be different than the previous 24 passwords.
No one has 24 different passwords, so the user will just end up writing it down somewhere creating a bigger security hole.
My other favorite was when I updated my password at work and got:
Would you like your new password included in your confirmation email?</a>