If you know me, you know I'm not a fan of forced password expiration. However, I figured that I'd share this argument from a discussion of the 2012 Dropbox breach. After recommending that people not use the same password on multiple accounts, author Warwick Ashford said:
The breach only affects those Dropbox users who have not changed their passwords since 2012. By changing passwords regularly, even if breaches occur, they will be useful to hackers only for a limited time.
Businesses that force employees to change passwords regularly will also have reduced their exposure if any employees had used the same password for their Dropbox account, as well as any internal or other business-related accounts.
According to a TeleSign report, 47% of online account holders rely on a password that has not been changed for five years.
This does not negate what I've previously noted - people who are forced to change their passwords end up choosing simple, bad passwords - but it is something to consider.