this post was submitted on 19 Dec 2023
1010 points (99.1% liked)


https://xkcd.com/2869

Alt text:

Why couldn't the amulet have been hidden by Aunt Alice, who understands modern key exchange algorithms?

[email protected] 3 points 9 months ago* (last edited 9 months ago)

Yes, password expiry is generally considered bad practice and should only be triggered on demand if there's suspicion of a security breach, precisely because it's much more likely to lead to simple, less secure passwords. And when users change it, they will probably just add a number or something anyway, so it's not going to stop a determined attacker from finding the new pw regardless.

Which doesn't stop a ton of organizations from requiring it anyway.