• @Cypher
    111 month ago

    Forcing password changes too frequently is actually a security risk, as it encourages bad practices like re-use, iteration, keyboard walks and writing the passwords down.

    There are reasonable limits to impose on this, and educating users with demonstrations such as haveibeenpwned has been highly effective in my experience.