Alt text:
Why couldn't the amulet have been hidden by Aunt Alice, who understands modern key exchange algorithms?
this post was submitted on 19 Dec 2023
1007 points (99.1% liked)
xkcd
8841 readers
5 users here now
A community for a webcomic of romance, sarcasm, math, and language.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Yes, password expiry is generally considered bad practice and should only be triggered on demand if there's suspicion of a security breach, precisely because it's much more likely to lead to simple, less secure passwords. And when users change it, they will probably just add a number or something anyway, so it's not going to stop a determined attacker from finding the new pw regardless.
Which doesn't stop a ton of organizations from requiring it anyway.