An article on password security caught my eye this morning. The main argument is that systems that require you to change your password on a regular basis are less secure than ones where you can keep the same password indefinitely.
Why is that? Forced rotation creates several problems of its own: users tend to change only the digit at the end, so anyone who collects a few of the variations can predict the next one; they write all their passwords down for easy reference; or they forget which password is the current one and get locked out!
I’d generally agree with this analysis. It’s a pain having to change passwords every month, and I don’t think that makes them any more secure than longer, mixed-case, awkward passwords like “kd8I*da9D” (nb. bears no resemblance to any password of mine, living or dead!). Of course you can’t remember many of these unless you use them frequently, but you can keep them in a securely encrypted file and look them up when you need them!
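To make the two points above concrete, here is a small added example (my own code, not from the article or the post): it flags a new password that is only a case or digit tweak of the old one (the check a rotation policy would need to be worth anything), predicts the next password from a run of “bump the digit” variants the way an attacker would, and estimates the keyspace of a random password like “kd8I*da9D”. The function names and the password history are assumptions constructed for illustration.

```python
"""Checks for the 'just bump the digit' failure mode of forced password rotation.

Added example, not code from the original post. The password history used
in main() is constructed for illustration.
"""
import math
import re
import string

# Split a password into (base, number, suffix): "Summer2023!" -> ("Summer", "2023", "!")
_NUMBERED = re.compile(r"^(.*?)(\d+)(\D*)$")


def split_numbered(password: str):
    """Return (base, digits, suffix) or None if there is no digit run."""
    m = _NUMBERED.match(password)
    if not m:
        return None
    return m.group(1), m.group(2), m.group(3)


def _letters_only(password: str) -> str:
    """Lower-case the password and drop every digit, for shape comparison."""
    return re.sub(r"\d", "", password).lower()


def is_trivial_variant(old: str, new: str) -> bool:
    """True if `new` differs from `old` only by letter case and/or digits.

    This is the server-side check a rotation policy needs: without it a
    30-day rule simply produces Password1, Password2, Password3, ...
    """
    if old.lower() == new.lower():
        return True
    return _letters_only(old) == _letters_only(new)


def predict_next(history, count: int = 3):
    """Guess the user's next passwords from previously observed variants.

    Returns [] unless every entry shares the same base and suffix and the
    numbers increase by a constant step; otherwise extends the sequence,
    keeping any zero-padding of the last entry.
    """
    parts = [split_numbered(p) for p in history]
    if len(parts) < 2 or any(p is None for p in parts):
        return []
    if len({(base, suffix) for base, _, suffix in parts}) != 1:
        return []
    base, last_digits, suffix = parts[-1]
    nums = [int(digits) for _, digits, _ in parts]
    step = nums[-1] - nums[-2]
    if step <= 0 or any(b - a != step for a, b in zip(nums, nums[1:])):
        return []
    width = len(last_digits)
    return [f"{base}{nums[-1] + step * k:0{width}d}{suffix}" for k in range(1, count + 1)]


def charset_bits(password: str) -> float:
    """Bits of keyspace an attacker must search for a random password of this shape.

    Counts only the character classes actually present (lower, upper,
    digits, punctuation) and assumes each position was chosen uniformly.
    """
    classes = [
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, 32),
    ]
    size = sum(n for chars, n in classes if any(c in chars for c in password))
    return len(password) * math.log2(size) if size else 0.0


if __name__ == "__main__":
    # Constructed history of one user under monthly rotation.
    history = ["Summer2023!", "Summer2024!"]
    print("trivial variant:", is_trivial_variant(history[0], history[1]))
    print("attacker's next guesses:", predict_next(history))
    for pw in ["Summer2024!", "kd8I*da9D"]:
        print(f"{pw}: {charset_bits(pw):.1f} bits if random")
```

The point the numbers make: “Summer2024!” looks like it has as much keyspace as “kd8I*da9D” by shape, but once an attacker holds one earlier variant the real search space collapses to a handful of guesses from predict_next, whereas a genuinely random password stored in an encrypted file keeps its full keyspace.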
Anyway, the article is worth a read, as passwords are something almost everybody who spends time online has to deal with.