Fact - forcing people to update passwords compromises security!

OMG this is so annoying please stop. There are passwords I haven’t changed in over 20 years and never ever had an issue with them. If you don’t believe changing passwords compromises security then read below. Please stop for the love of god…

I hate it when I’m forced to change a password, or if I’m forced to make the password too complex.

I always either end up forgetting it or writing it down… so it’s actually less secure.


Exactly why it is less secure. I wish companies would stop doing it. I haven’t changed my Amazon password in forever and, you know what, no problems, along with a bunch of others.

Makes so much sense. I use patterns for sure, I’m forced to do it, at least for things I use on a regular basis; otherwise there’s just no way to remember.


Regularly updating passwords is done to limit the amount of time a compromised credential set can be used.

Speaking as a backend infrastructure guy with quite a bit of cyber security experience, I would state that regularly updating passwords does not compromise security, as long as you’re doing credentials right. If you’re trying to pick a password you can remember, you’re doing it wrong.

Get a password manager. NordPass and 1Password are multi-platform and easy to use. The manager will generate a unique, random-digit password for each website you use; you do not need to know the details.

Website databases are frequently compromised, and there’s a good chance that at least one set of your credentials will be out there in the wild. Check out haveibeenpwned.com.

A compromised credential is less of an issue if the password is unique, but people frequently use the same sign-in credentials for multiple accounts because they’re trying to remember them. Every other account using the same credentials becomes vulnerable when one website is hacked.

Things are improving as we move towards password-less logins and passkeys, but we have a way to go before that’s the norm. In the meantime, get a password manager and enable 2FA wherever you have the option (certainly on anything important).

Oh, and I agree that forced password changes are a pain. They interrupt the flow of whatever you are trying to do at the time. I only want a website to enforce a password change when they know credentials have been compromised or need to be encrypted into a new datastore (this only happens after a significant change to the backend).

Other than the password for my password manager, I don’t know any of my passwords, and that’s how I want it to be!
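As an added example, not code from anyone in this thread: a check in the style of the haveibeenpwned.com Pwned Passwords range API, which lets a site test a password against known breach data without sending the password or its full hash, and a "force a change only when the credential is known compromised" policy like the one described above. The range data, the offline fetcher and the function names are this example's own constructions.

```python
import hashlib

# k-anonymity check: only the first five hex characters of the SHA-1 hash leave
# the client; the remaining 35 are compared locally against the returned list.

def sha1_hex_upper(password: str) -> str:
    """Upper-case hex SHA-1 of the UTF-8 password, as the range API expects."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def split_for_range_query(password: str) -> tuple[str, str]:
    """Return (5-char prefix sent to the server, 35-char suffix kept locally)."""
    digest = sha1_hex_upper(password)
    return digest[:5], digest[5:]

def parse_range_response(body: str) -> dict[str, int]:
    """Parse 'SUFFIX:COUNT' lines into {suffix: count}; blank lines are ignored."""
    counts: dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts

def breach_count(password: str, fetch_range) -> int:
    """How many times the password appears in breach data; 0 if never seen."""
    prefix, suffix = split_for_range_query(password)
    return parse_range_response(fetch_range(prefix)).get(suffix, 0)

def must_rotate(password: str, fetch_range) -> bool:
    """Policy from the post: force a change only when the credential is known bad."""
    return breach_count(password, fetch_range) > 0

# Constructed offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.
# Suffixes and counts below are made up for this example, except that the entry
# for "password" is derived from its real SHA-1 so the lookup matches.
_PFX, _SFX = split_for_range_query("password")
SAMPLE_RANGES = {
    _PFX: "\r\n".join([
        "0018A45C4D1DEF81644B54AB7F969B88D65:1",
        f"{_SFX}:3861493",
        "00D4F6E8FA6EECAD2A3AA415EEC418D38EC:7",
    ])
}

def offline_fetch_range(prefix: str) -> str:
    """Return the constructed range body; an unknown prefix yields no lines."""
    return SAMPLE_RANGES.get(prefix, "")
```

In a real deployment `fetch_range` would perform the HTTPS request; the password itself and its full hash never need to leave the host doing the check.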