Frequent password changes may make security worse

Posted on Thursday, Aug 04 2016 @ 18:35 CEST by Thomas De Maesschalck
One of the things I dislike online is websites that force you to change your password at regular intervals. This supposedly strengthens security, but now FTC chief technologist Lorrie Cranor claims a growing number of security experts believe frequent password changes do little to improve security and very possibly make it worse by encouraging users to use passwords that are more susceptible to cracking:
A separate study from researchers at Carleton University provided a mathematical demonstration that frequent password changes hamper attackers only minimally and probably not enough to offset the inconvenience to end users.

Over the past few years, organizations including the National Institute of Standards and Technology in the US and UK government agency CESG have also concluded that mandated password changes are often ineffective or counterproductive. And now, thanks to Cranor, the FTC has also come around to this thinking. But don't count on everyone doing away with regular password changes.
Via: Ars Technica

About the Author

Thomas De Maesschalck

Thomas has been messing with computers since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.
