Lanark wrote:chas49 wrote:at least it made me change my password which is good practice
![Smile :)](./images/smilies/icon_e_smile.gif)
Not any more, companies are starting to wake up and realise that forcing people to change password every 30 days actually made them choose really weak passwords with a number on the end.
It has taken a loooooong time for that bit of common sense to prevail.
In addition, it makes people sloppy about hiding where they are writing down the current password.* If you break into my house you'll have to pick the right one of the many Post-It notes stuck to my screen to read my card sales figures!
Business Track (my card merchant bank account interface) forces me to choose a new password every three months and it is beyond tedious and forces (relative) insecurity, but also firmly lodges liability with me.
* Despite official advice not to write down passwords I'd imagine we all do it. I have well over 100 on my list, all different. It's the way most of us choose as this human memory simply isn't strong enough, and I don't trust on line "password managers".