Re: Password Manager opinions and recommendations
- Date: Sun, 25 Mar 2018 14:06:53 -0400
- From: Roberto C. Sánchez <roberto@xxxxxxxxxx>
- Subject: Re: Password Manager opinions and recommendations
On Sun, Mar 25, 2018 at 06:48:15PM +0100, Brian wrote:
> On Sun 25 Mar 2018 at 11:52:13 -0400, rhkramer@xxxxxxxxx wrote:
> The PIN for my credit card has only four digits.
> > * I don't change the passwords as often as I should
> There isn't and never has been a need to do this. Passwords don't
> deteriorate with age.
I disagree. Forced password changes are annoying and counterproductive,
but there is an argument to be made for users periodically changing
their passwords. The Yahoo! data breach, for example, did not become
publically known until long after the breach. Even then, the scope
continued to expand as additional related breaches were discovered that
had taken place even earlier.
There are some sites which force me to change my password periodically
and find them annoying because the passwords do not protect anything
important enough to warrant that. On the other hand, there are some
sites where I regularly change my password to guard against a hacker
gaining continuing access to my account/data following a breach.
While you are right that passwords do not deteriorate, they do get
compromised. The last few years have shown that it happens with rather
Roberto C. Sánchez