25

Used to update passwords every 30 days until a security consultant told me to stop

Ran into a guy from a local cybersecurity firm at a diner in Greenville back in March. I told him how I had everyone at my small business rotate passwords monthly like clockwork. He laughed and said I was actually making things worse. People just tack a "2" on the end or swap one character. Said it was better to use a long passphrase and only change it when there's a real breach. That conversation flipped my whole approach. Anyone else get told the opposite of what you thought was standard practice?
2 comments

emery_hall (1mo ago)
Wait, a security guy actually told you to NOT change passwords every month? That's wild, I thought that was like rule number one for keeping things locked down.
10
leeknight (1mo ago)
Oh man, I gotta push back on that a little. Forcing people to change passwords every 30 days just leads to predictable patterns like "October2024!" then "November2024!" which are actually easier to guess. In my experience, a strong, unique password you don't have to change all the time is way safer than a weaker one you rotate monthly.
3
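The pattern the post and leeknight's comment both describe (a "2" tacked on the end, one character swapped, "October2024!" becoming "November2024!") is something a password-change handler can reject at the moment the user supplies the old and new values, without storing anything in clear text. The following is an added example, not code from this thread or from any product mentioned in it; the 16-character minimum, the `normalize` heuristics and the edit-distance threshold of 2 are assumed policy choices for illustration.

```python
"""Reject predictable password rotations and require a long passphrase.

Added example code; the 16-character floor and the similarity heuristics
below are assumed policy values, not figures taken from the discussion.
"""
import re

# Assumed minimum passphrase length for this example.
MIN_PASSPHRASE_LENGTH = 16

_MONTHS = ("january", "february", "march", "april", "may", "june", "july",
           "august", "september", "october", "november", "december")
# "may" will also match inside words like "maybe"; acceptable for a coarse check.
_MONTH_RE = re.compile("|".join(_MONTHS))
_YEAR_RE = re.compile(r"(19|20)\d{2}")


def normalize(password: str) -> str:
    """Collapse the parts people typically change on a forced rotation.

    Lower-cases, replaces month names and four-digit years with fixed tokens,
    and drops trailing digits/punctuation, so "October2024!" and "November2024!"
    (or "hunter2" and "hunter22") normalize to the same string.
    """
    s = password.lower()
    s = _MONTH_RE.sub("MONTH", s)   # upper-case tokens cannot collide with user text
    s = _YEAR_RE.sub("YEAR", s)
    s = re.sub(r"[\d\W_]+$", "", s)  # strip the trailing "2", "!", "2024" etc.
    return s


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,             # delete ca
                           cur[j - 1] + 1,          # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def is_trivial_rotation(old: str, new: str, max_edits: int = 2) -> bool:
    """True when the new password is the old one with a digit appended, one
    character swapped, or the month/year bumped."""
    if normalize(old) == normalize(new):
        return True
    return edit_distance(old.lower(), new.lower()) <= max_edits


def check_password_change(old: str, new: str) -> list[str]:
    """Return the reasons a proposed change should be rejected (empty = accept).

    Meant to run inside the change-password flow, where the user has just
    supplied both values, so no plaintext history needs to be kept.
    """
    problems = []
    if len(new) < MIN_PASSPHRASE_LENGTH:
        problems.append(f"passphrase shorter than {MIN_PASSPHRASE_LENGTH} characters")
    if is_trivial_rotation(old, new):
        problems.append("new password is a predictable variation of the old one")
    return problems


if __name__ == "__main__":
    # Constructed sample changes, not real credentials.
    for old, new in [("October2024!", "November2024!"),
                     ("hunter2", "hunter3"),
                     ("correct horse battery staple", "lantern over quiet harbor mist")]:
        print(f"{old!r} -> {new!r}: {check_password_change(old, new) or 'accepted'}")
```

Pairing this with a "change only after a real breach" trigger, as the consultant suggested, means the check runs rarely, but when it does run it refuses exactly the increment-style changes that monthly rotation trains people to make.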