The risks of forcing frequent password changes

May 25, 2008

People can talk about the risks of not changing passwords at the drop of a hat, but they rarely talk about the risks of forcing people to go through frequent password changes. This matters a lot, because there are significant risks.

(And when people do acknowledge the risks, often it is to decry or mock the 'bad habits' that people adopt.)

The obvious problems are that people can't remember things at the drop of a hat just because you want them to, and people have trouble coming up with good passwords (especially at the drop of a hat). So people write down their new password, and that new password is much more likely to be a weak one, because it's much easier to come up with (and remember) weak passwords than strong random ones.

But the direct, obvious problems pale next to the big one: frequent password changes train people not to take security seriously. Being made to change your password frequently is so obviously security theatre (especially if it's treated as a big deal) that it undermines everything else; when you engage in one obvious bit of security theatre, people are predisposed to assume that everything else is also security theatre.

(Remember that most people don't understand security (and probably aren't interested in doing so), and so they have to trust your judgement. But if they wind up feeling that your judgement is clearly flawed on one bit of security practice, this inevitably lessens their trust in all of your judgements.)

This leads me to a suggestion: if you are forced by higher powers to implement mandatory password changes, at least acknowledge to your users that it is a stupid idea (and ideally work with them to make it as painless as possible, for example by teaching them how to come up with one strong password that they can then vary back and forth).

(Yes, I'm aware that this may be politically infeasible.)

