S3 Ep139: Are password rules like running through rain?
As long as they don't choose password or secret or one of the Top Ten Cats' Names in the world, maybe it's OK if we force them to change it to another not-very-good password before the crooks would be able to crack it?
The simple observation is that changing a bad password regularly doesn't make it a better password.
If you want a better password, choose a better password to start with!
If you tell people, "Hey, you've got to change your password every 30 days, and you better pick a good one," all they'll do is.
So if the crooks do crack or compromise one of the passwords, and they see a pattern like that, they can pretty much work out what your password is today if they know your password from six months ago.
DUCK. The point is that if you have a formalised, fixed schedule for password changes so that everyone knows that when the last day of this month comes round, they're going to be forced to change their password anyway.
News URL
https://nakedsecurity.sophos.com/2023/06/15/s3-ep139-are-password-rules-like-running-through-rain/