Password expiry mitigation
Posted: Tue Feb 02, 2016 10:34 pm
I recently realised that the pain of password expiry has an upside: if you actually generate good passwords every time (ie using a real source of randomness, not your own imagination), and if you keep records of all those passwords (and everyone who cares about passwords should really have encrypted storage of some kind), then whenever you come across a site where you need to sign up to something, you have a ready-made list of strong passwords that you no longer use anywhere sensitive, but that your fingers are trained to type.
To be clear, I think that password expiry is, in general, a poorly-conceived response to a small part of the overall problem. But since it exists, this is one way to make it less awful. Has anyone else experienced this?
To be clear, I think that password expiry is, in general, a poorly-conceived response to a small part of the overall problem. But since it exists, this is one way to make it less awful. Has anyone else experienced this?