
Debunks?! More like claims that I will most likely reuse or slightly modify the old password.

> The same researchers have warned that mandating password changes every 30, 60, or 90 days—or any other period—can be harmful for a host of reasons. Chief among them, the requirements encourage end users to choose weaker passwords than they otherwise would.

That is incorrect in my case since I generate random passwords, and no other evidence is cited. I would be curious what other reasons they have in mind.

I agree in general, most people may not have password managers still, but that seems like the problem to be fixing, rather than relaxing security advice.

Specifically, password managers for login passwords is a bit of a tricky subject, but that's why I hate the idea of "live" accounts, where my login password and online password are the same.


