Quote:
Originally Posted by GH85Carrera
For a long time when my wife worked at her university job, her IT department required her to change her password every 20 days. It gets hard to make up and then remember the new password. She made an Excel spreadsheet and came up with 15 passwords. Then when the password had to be changed, she just advanced it one, and saved the file in a place she could get to without logging into the main software that required the password.
She used the same 15 passwords in rotation for years.
I just wonder if any real study on passwords has shown that changing them regularly is any more secure than a good strong password that is never written down, and used for years.
One program I have used since 1986 is Quicken, when it came on 5.25 inch floppy discs. It has been updated many many times, and I have all my data back to the start. I have used the same password for all those years to open the program. Security is not a big issue as no one else uses my computer.
|
NIST says the most secure is a long pass phrase and no expiration. Phrase as in 4 to 5 words minimum.