Ask HN: Should I change my passwords frequently?

1 pointsczatt6y ago3 comments

That seems to be the general guidance (my company forces us to change our system passwords every 60 days), but I am unsure why this is the case. If someone were to bypass / obtain my password, couldn't they do it immediately? If changing passwords is helpful, how frequently should you do it to be effective?

3 comments

3 comments · 3 top-level

viraptor6y ago

Changing credentials is helpful if you assume they're compromised every once in a while. These days if a unique and random password is used for each service and/or with 2fa enabled, that assumption is not that great anymore. Adding to that the fact that most people will just add "1" or the current year at the end, it makes updating the password much less useful - it will only stop completely trivial malware.

The recommendation has actually changed in high level policies relatively recently: https://nakedsecurity.sophos.com/2016/08/18/nists-new-passwo...

barneythedino6y ago

No. https://securityboulevard.com/2019/03/nist-800-63-password-g...

earpwald6y ago

Changing passwords frequently leads to trends in password reuse. Ie increasing 1 to 2 and then to 3 etc.

Best password is a long random words password as explained by xkcd!

j / k navigate · click thread line to collapse