• Cypher@lemmy.world
    link
    fedilink
    arrow-up
    8
    ·
    21 hours ago

    Forcing password changes too frequently is actually a security risk, as it encourages bad practices like re-use, iteration, keyboard walks and writing the passwords down.

    There are reasonable limits to impose on this, and educating users with demonstrations such as haveibeenpwned have been highly effective in my experience.