
Study: Frequent password changes are useless

2010-04-14 05:16:22

Tue Apr 13, 2:16 pm ET

Users hate them. They're a massive headache to network administrators. But IT departments often mandate them nonetheless: regularly scheduled password changes are part of a policy intended to increase computer security.

Now new research proves what you've probably suspected ever since your first pop-up announcing that your password has expired and you need to create a new one. This presumed security measure is little more than a big waste of time, the Boston Globe reports.

Microsoft undertook the study to gauge how effectively frequent password changes thwart cyberattacks, and found that the advice generally doesn't make much sense, since, as the study notes, someone who obtains your password will use it immediately, not sit on it for weeks until you have a chance to change it. "That's about as likely as a crook lifting a house key and then waiting until the lock is changed before sticking it in the door," the Globe says.

On the bright side, changing your password isn't harmful, either, unless you use overly short or obvious passwords or you're sloppy about how you remember them. (Many users forced to change their password too frequently resort to writing them on sticky notes attached to their monitor, about the worst possible computer security behavior you can undertake.)

Rather, frequent password changes are simply a waste of time and, therefore, money. According to the Microsoft researcher's very rough calculations: To be economically justifiable, each minute per day that computer users spend on changing passwords (or on any security measure) should yield $16 billion in annual savings from averted harm. No one can cite a real statistic on password changes' averted losses, but few would estimate it's anywhere approaching $16 billion a year.

Bottom line, IT departments: Drop the password-change mandates. You're only creating extra work for yourselves and making the rest of us hate you.

Christopher Null is a technology writer for Yahoo! News.
