this post was submitted on 09 Jun 2023
4 points (100.0% liked)

Security News

2279 readers
1 users here now

founded 1 year ago
MODERATORS
[email protected]
4
Thoughts on scheduled password changes (don’t call them rotations!) (nakedsecurity.sophos.com)
submitted 1 year ago by [email protected] to c/[email protected]
9 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 year ago* (last edited 1 year ago)

I used to have a friend's password somewhere that used rotation and I'd just have to do a quick bit of maths to figure out the final number. Surely there are bots that are smart enough to automate this: mysuperstrongpass01 -> mysuperstrongpass02, mysuperstrongpass03 etc. [edit: the article alludes to this, but then I most of our comments here and on the link are not very original either!]

Password reuse is probably the worst security flaw nowadays, and a strong but reused password is basically no better than classics like password1 after a depressingly small amount of time/services.