Forced password changes
My employer has this odd policy where they force you to change your password once every six months or so. It’s annoying, because sometimes you forget your password. It’s inherently more insecure to write it down somewhere, isn’t it? Plus, you can’t reuse passwords.
However, my mail client always has my password. And therein comes a useful Thunderbird add-on called Password Exporter.
Now, I can see what my last known password was, and log in when need be.
Yah, password policies are odd things: the more complex you make the requirements and the more often you require users to change their passwords, the less secure it becomes.
But then you’re supposed to change passwords often enough that someone can’t crack them. Then with computational power nowadays that’s impractical too.
That’s why combining is the best option; at least 2 out of the 3 methods make things more secure (physical token, biometric, password).
My employer makes me change my password every three months, and it can’t be the last 5 passwords I’ve used, and it has to be extremely complex.
Muchos Failure
Shouldn’t it be:
my employer (link:www.oracle.com) …….. ???
Hey, that’s what my employer does also… better security?