Stop resetting your passwords, says UK govt's spy network

Found on The Register on Friday, 06 May 2016

The UK government has, on World Password Day, repeated its advice against the common security practice of routinely changing passwords.

"The problem is that this doesn’t take into account the inconvenience to users – the ‘usability costs’ – of forcing users to frequently change their passwords," says CESG. "The majority of password policies force us to use passwords that we find hard to remember."

There is no problem with routinely changing your passwords at all. With so many online services requiring authentication, and given that you should never use the same password for two different services, you already have to handle dozens of passwords. That's where password managers come into play: you just update your password in there and only have to remember your master password. With that approach, you can store hundreds of unique, complex passwords easily and change them from time to time. Of course, there are reasons why government agencies don't want that...