this post was submitted on 19 Dec 2023
1011 points (99.1% liked)

xkcd

8968 readers
74 users here now

A community for a webcomic of romance, sarcasm, math, and language.

founded 2 years ago
MODERATORS
 

https://xkcd.com/2869

Alt text:

Why couldn't the amulet have been hidden by Aunt Alice, who understands modern key exchange algorithms?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

Yes, password expiry is generally considered bad practice and should only be triggered on demand if there's suspicion of a security breach, precisely because it's much more likely to lead to simple, less secure passwords. And when users change it, they will probably just add a number or something anyway, so it's not going to stop a determined attacker from finding the new pw regardless.

Which doesn't stop a ton of organizations from requiring it anyway.