Slashdot Mirror


How Often Should You Change Your Password?

jhigh writes "Bruce Schneier asks the question, how often should you change your password? 'The primary reason to give an authentication credential — not just a password, but any authentication credential — an expiration date is to limit the amount of time a lost, stolen, or forged credential can be used by someone else. If a membership card expires after a year, then if someone steals that card he can at most get a year's worth of benefit out of it. After that, it's useless.' Another reason could be to limit the amount of time an attacker has to crack the password, but Bruce's analysis seems on target."

2 of 233 comments

  1. Incrementing passwords by mr100percent · Score: 0, Redundant

    What if people just increment their passwords? Every few years (or when the password expires) I just increase the number at the end. Mine is now TrustNobody2009. It expires the older password and still keeps it easy to remember.

  2. I'm sure we all know how this works out by roc97007 · Score: 0, Redundant

    If you mandate that people change their passwords often, they will use weak passwords or write them down. The shorter the cycle, the more likely this happens.

    --
    Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
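
The incrementing habit described in the first comment can be caught at the change-password form, where the old and new plaintexts are both present. The following is an added example, not code from the thread or from Schneier's essay; the function names, the `min_changes` threshold and the sample passwords other than the one quoted in the comment are assumptions.

```python
import re

# Leading/trailing counters, years and punctuation that users rotate between changes.
_AFFIX = re.compile(r"^[\d\W_]+|[\d\W_]+$")

def stem(password: str) -> str:
    """Case-fold the password and drop leading/trailing digits and symbols."""
    return _AFFIX.sub("", password.casefold())

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def rotation_reason(old: str, new: str, min_changes: int = 4):
    """Return why `new` is a trivial rotation of `old`, or None if acceptable.

    Runs at password-change time only, so no plaintext history is stored.
    """
    if old == new:
        return "unchanged"
    # Guard against empty stems (all-digit passwords) matching each other.
    if stem(old) and stem(old) == stem(new):
        return "same base word, only the counter/suffix changed"
    if edit_distance(old.casefold(), new.casefold()) < min_changes:
        return f"fewer than {min_changes} character edits from the old password"
    return None

if __name__ == "__main__":
    # Constructed pairs; the first old password is the one quoted in the comment.
    for old, new in [("TrustNobody2009", "TrustNobody2010"),
                     ("TrustNobody2009", "TrustNobodx2009"),
                     ("TrustNobody2009", "correct horse battery staple")]:
        print(f"{old!r} -> {new!r}: {rotation_reason(old, new) or 'accepted'}")
```

A check like this only sees the immediately previous password; it does not address the second comment's point that short cycles push users toward weak or written-down passwords.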