• my_hat_stinks@programming.dev
    5 months ago

    Good luck remembering them all, also change them all every 30 days, so here are my secrets.

    Password expiry hasn’t been considered best practice for a long time (must be at least a decade now?), largely because of the other points you mentioned; it leads to weak, easily memorable passwords written somewhere easily accessible. Even when it was considered good, 30 days would have been an unusually short time.

    Current advice is to change a password whenever there’s a chance it’s been compromised, not on a schedule.