Back in April this year, Microsoft published a blog post stating its position on the practice of expiring passwords. In that post, which discussed security for Windows 10, Microsoft made it clear that the long-accepted practice of forcing periodic password changes is antiquated and counterproductive.
The risks of forcing a password change are numerous. People tend to keep a similar password and simply append 1, 2, 3 and so on so that they can remember it. If the password rules prevent that, people tend to write the password down somewhere because they are worried they will forget it.
In effect, password expiration causes a big security no-no, since writing down your password is a serious security compromise. Add to that, the only real value in changing an already secure password is if you believe that password has been compromised. If a secure password has not been breached, then why change it?
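The "append 1, 2, 3" habit described above is something a password-change policy can actually detect: if the new password reduces to the old one once the trailing digits and punctuation are stripped, or differs from it by only a character or two, it is a rotation in name only. The following is an added example (not code from the post or from Microsoft) that implements such a check; the suffix pattern and the edit-distance threshold are heuristics chosen for this illustration, and the sample pairs are constructed.

```python
import re

# Characters people typically append or increment when forced to rotate a
# password: digits and common punctuation. (Heuristic chosen for this example.)
_TAIL = re.compile(r"[\d!@#$%^&*?.]+$")


def stem(password: str) -> str:
    """Strip the trailing digit/punctuation run and fold case.

    'Summer2019!' and 'Summer2020!!' both reduce to 'summer'.
    """
    return _TAIL.sub("", password).lower()


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert/delete/substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def is_trivial_variant(old: str, new: str, max_distance: int = 2) -> bool:
    """True when `new` is derivable from `old` by the rotation tricks above."""
    if old == new:
        return True
    old_stem, new_stem = stem(old), stem(new)
    if old_stem and old_stem == new_stem:
        return True
    # Also catch small in-word tweaks such as 'a' -> '@' or one added character.
    return edit_distance(old_stem, new_stem) <= max_distance


# Constructed sample (old, new) pairs, not data from any real system.
SAMPLES = [
    ("Summer2019", "Summer2020"),
    ("Winter2019!", "Winter2019!1"),
    ("Password1", "P@ssword2"),
    ("Summer2019", "purple-gravel-lantern-ninety"),
]


def review(pairs=SAMPLES):
    """Map each proposed new password to whether the policy would reject it."""
    return {new: is_trivial_variant(old, new) for old, new in pairs}


if __name__ == "__main__":
    for new_pw, rejected in review().items():
        verdict = "REJECT (trivial rotation)" if rejected else "accept"
        print(f"{new_pw!r}: {verdict}")
```

A real deployment would run this at password-change time against the user's current credential (the only one the system can still verify), and the passphrase in the last sample pair is the kind of change that passes.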
The major issue with passwords is people.
As an example, a great password might be GhfafuhGGGX33#55FGtr$$. Unfortunately, humans generally can't remember long strings of random characters.
Instead, we resort to things like "wife's maiden name + anniversary date" or "child's name + birth date". The problem here is predictability: with a little research, this kind of password becomes easy to guess and crack.
So, what’s the answer? Come up with a phrase that means something to you, but is unlikely to be associated with you.
Here are examples of phrases that could be used as strong passwords.
Using random phrases solves the password problem:
The password can be very long.
The password is still easy to remember and doesn't need to be written down.
The password can be alphanumeric.
The password is nearly impossible to predict or guess.
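The three password styles discussed above (a random character string, a passphrase, and a "name + date" pattern) can be compared by counting how many equally likely candidates each style has, which is what an attacker must exhaust in the worst case. The following is an added example, not code from the post, that does this arithmetic in bits of entropy and converts it to a worst-case guessing time. The 94-character printable ASCII alphabet, the 7776-word list (a diceware-style size), and the pool sizes for the name-and-date pattern are assumptions made for this illustration.

```python
import math


def random_chars_bits(length: int, alphabet_size: int) -> float:
    """Entropy of `length` characters drawn uniformly from `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def passphrase_bits(word_count: int, wordlist_size: int) -> float:
    """Entropy of `word_count` words drawn uniformly from a `wordlist_size`-word list."""
    return word_count * math.log2(wordlist_size)


def pattern_bits(*choice_counts: int) -> float:
    """Entropy of a password assembled from predictable parts, each picked from a small pool."""
    total = 1
    for n in choice_counts:
        total *= n
    return math.log2(total)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at the given guessing rate."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


# Assumed pool sizes for the 'name + date' pattern: about 1000 common first
# names and every day in a 100-year window. Illustrative numbers, not measured.
COMMON_NAMES = 1000
DAYS_IN_CENTURY = 36525


def compare(rate: float = 1e10):
    """Summarise the three password styles: (bits, worst-case years at `rate` guesses/s)."""
    cases = {
        "random 22 printable ASCII chars": random_chars_bits(22, 94),
        "5-word passphrase from 7776-word list": passphrase_bits(5, 7776),
        "child's name + birth date": pattern_bits(COMMON_NAMES, DAYS_IN_CENTURY),
    }
    return {name: (bits, years_to_exhaust(bits, rate)) for name, bits in cases.items()}


if __name__ == "__main__":
    for name, (bits, years) in compare().items():
        print(f"{name:40s} {bits:6.1f} bits  ~{years:.3g} years at 1e10 guesses/s")
```

The point the numbers make is that the passphrase sits far above the predictable pattern while remaining memorable, and that the random 22-character string's extra bits buy nothing if it ends up on a sticky note.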
One final word of advice. Once you pick that password, DON’T SHARE IT WITH ANYONE!