Hacker News

Why must high entropy passwords be rotated regularly anyway? Shouldn't they only need rotating after a certain number of incorrect logins? Shouldn't that number be decently high?


Regularly changing your password reduces the impact of an undetected security breach by shortening the maximum amount of time a leaked password remains useful.


Forcing people to regularly change their password means passwords get written down on a Post-it Note on the bottom of the keyboard.

Because people are just people, not superhuman remembering machines.



