💾 Archived View for gmi.noulin.net › mobileNews › 1962.gmi captured on 2023-06-16 at 20:30:42. Gemini links have been rewritten to link to archived content
⬅️ Previous capture (2023-01-29)
-=-=-=-=-=-=-
2010-04-14 05:16:22
Tue Apr 13, 2:16 pm ET
Users hate them. They're a massive headache to network administrators. But IT
departments often mandate them nonetheless: regularly scheduled password
changes part of a policy intended to increase computer security.
Now new research proves what you've probably suspected ever since your first
pop-up announcing that your password has expired and you need to create a new
one. This presumed security measure is little more than a big waste of time,
the Boston Globe reports.
Microsoft undertook the study to gauge how effectively frequent password
changes thwart cyberattacks, and found that the advice generally doesn't make
much sense, since, as the study notes, someone who obtains your password will
use it immediately, not sit on it for weeks until you have a chance to change
it. "That s about as likely as a crook lifting a house key and then waiting
until the lock is changed before sticking it in the door," the Globe says.
On the bright side, changing your password isn't harmful, either, unless you
use overly short or obvious passwords or you're sloppy about how you remember
them. (Many users forced to change their password too frequently resort to
writing them on sticky notes attached to their monitor, about the worst
possible computer security behavior you can undertake.)
Rather, frequent password changes are simply a waste of time and, therefore,
money. According to the Microsoft researcher's very rough calculations: To be
economically justifiable, each minute per day that computer users spend on
changing passwords (or on any security measure) should yield $16 billion in
annual savings from averted harm. No one can cite a real statistic on password
changes' averted losses, but few would estimate it's anywhere approaching $16
billion a year.
Bottom line, IT departments: Drop the password-change mandates. You're only
creating extra work for yourselves and making the rest of us hate you.
Christopher Null is a technology writer for Yahoo! News.
Follow me on Twitter and join me on Facebook!
Follow Yahoo! News on Twitter and join us on Facebook!