Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Often Should You Change Your Password?

Posted by CmdrTaco on from the every-eight-seconds dept.

jhigh writes "Bruce Schneier asks the question, how often should you change your password? 'The primary reason to give an authentication credential — not just a password, but any authentication credential — an expiration date is to limit the amount of time a lost, stolen, or forged credential can be used by someone else. If a membership card expires after a year, then if someone steals that card he can at most get a year's worth of benefit out of it. After that, it's useless.' Another reason could be to limit the amount of time an attacker has to crack the password, but Bruce's analysis seems on target."

11 of 233 comments (clear)

  1. Whenever you... by digitaldc · · Score: 5, Funny

    ...lose the post-it note on the bottom of your keyboard that you wrote it on, of course.

    --
    He who knows best knows how little he knows. - Thomas Jefferson
  2. Why Use a Password? by NavyNasa · · Score: 4, Funny

    Are you hiding something?

    --
    Space Cadet
  3. Re:All sounds pretty reasonable by Anonymous Coward · · Score: 1, Funny

    Just go from password1 to password9 then loop back to password1. If they keep a list of previously used passwords, just keep adding one.

    I'm now at password5842, thanks to our extremely efficient security department!

  4. Just like a toothbrush by mrnick · · Score: 3, Funny

    "Use it regularly, change it frequently, and don't share it with anyone!"

    --

    Encryption: I may not agree with what you say, but I will defend your right to encrypt it...
    1. Re:Just like a toothbrush by StikyPad · · Score: 2, Funny

      If you're not sharing your condom with someone, you're using it wrong.

      --
      https://www.eff.org/https-everywhere
  5. Re:What's the point? by fieldstone · · Score: 4, Funny

    Ah. Very good point. I hadn't considered the jealous girlfriend / boyfriend angle.

  6. Re:This isn't Sam's club by Rob+the+Bold · · Score: 1, Funny

    If you have passwords for a couple dozen systems (very easy) and each of them requires you to change your password every 3 months, you're going to start forgetting them. So you don't, you're going to start writing them down or storing them in some way. Or you're going to increment a number in your password, so it's still basically the same. Or you're going to use the same password for slashdot and faceboook.com (see that? it's a spoof site designed to steal passwords) and your bank account.

    Thanks, man. I quickly logged in and changed my faceboook and bank passwords. You saved me a great deal of hassle and money!

    --
    I am not a crackpot.
  7. Answer: Never! by UnknowingFool · · Score: 1, Funny

    Seriously I've used "1234" on all my email accounts and my root admin account for years and never had the problem.
    Hold a sec. My router is going a little crazyF8($&#Rin85M3$%
    s fpjl ;?>I ALW7H;
    [CARRIER LOST]

    --
    Well, there's spam egg sausage and spam, that's not got much spam in it.
  8. Obligatory XKCD [Re:Hundreds of passwords...] by Geoffrey.landis · · Score: 3, Funny

    Speaking of which, I'm surprised nobody has posted the link to the relevant xkcd yet.

    http://xkcd.com/792/

    --
    http://www.geoffreylandis.com
  9. Re:To Change or Not To Change by .sig · · Score: 4, Funny

    nobody uses AFSDWER$fq34agfre as a password

    Great, now I've got to go change all my passwords...

    --
    -Space for rent
  10. Use your dogs name by MidnightPsycho · · Score: 2, Funny

    "Of course my password is the same as my pet's name.
    My dog's name was Q47pY!3$H9x, but I change it every 90 days."