Christmas Break
Dec. 20th, 2021 05:55 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
billroperI have reset the passwords at work that were scheduled to expire over Christmas break and have abandoned ship for the duration. :)
Time to go Christmas shopping!
Time to go Christmas shopping!
billroper
no subject
Date: 2021-12-21 12:23 pm (UTC)no subject
Date: 2021-12-24 07:17 am (UTC)I do get the logic behind making people change their passwords. Passwords--particularly those shared between accounts (in the modern age of scrapes and public passwords I have FINALLY learned never to share passwords between accounts--better late than never!) can leak, and the longer the time you've been using a given password, the longer time there is for someone to video record you entering it, or catch it with a keylogger, or...
But of course the problem is that the only ways to deal with the constant need to change passwords are either:
1. Use a password vault. So you no longer know your password at all; instead your password security is dropped down to the security of your password vault, and no real purpose is served by making you change passwords.
2. Use a password rotation scheme. So...instead of a constant good password, instead you're...using a constant (probably worse) password with some extra data you either memorize, write down, or whatnot. Yay?
Functionally, the idea of having everyone change their passwords periodically fails on the "the users are human" test. If everyone had perfect memory, they wouldn't need a keylogger. But they do, so static passwords they memorize over days and have reemphasized over time are gold, and for less frequently used logins, password vaults or long term passwords it is.