Lanark wrote:chas49 wrote:at least it made me change my password which is good practice
Not any more, companies are starting to wake up and realise that forcing people to change password every 30 days actually made them choose really weak passwords with a number on the end.
It has taken a loooooong time for that bit of common sense to prevail.
In addition, it makes people sloppy about hiding where they are writing down the current password.* If you break into my house you'll have to pick the right one of the many Post-It notes stuck to my screen to read my card sales figures!
Business Track (my card merchant bank account interface) forces me to choose a new password every three months and it is beyond tedious and forces (relative) insecurity, but also firmly lodges liability with me.
* Despite official advice not to write down passwords I'd imagine we all do it. I have well over 100 on my list, all different. It's the way most of us choose as this human memory simply isn't strong enough, and I don't trust on line "password managers".