Nah. The need to regularly change passwords is unnecessary. If you use a sufficiently long password, unique passwords for every site, and 2FA/MFA for “important” logins, then you’re good.
Businesses requiring their staff to regularly cycle passwords is outdated and makes their systems less resilient, since it opens more angles for social engineering attacks or password security carelessness.
Unique is probably the most important thing. Well, and not using “password123” of course. As long as it’s not easy to guess, the main thing you want to avoid is password reuse, because you don’t know how securely it’s being stored. May well get leaked as plaintext some day, which some of mine certainly have been over time.
That is when I learnt that no, a “very secure” password that you use everywhere isn’t very secure at all.
I’m not saying every three months, but after 5-7 years like me, it’s probably just a good idea. Who knows what devices have the passwords saved on them still.