
Separation

(1,975 posts)
Fri Sep 28, 2018, 04:33 AM

Just a reminder, to change your password!

This site has been hacked twice during high profile incidents. The first was during the election, and the second time was a script attack when Mueller was announced as lead investigator.

Even if I'm just being a tad paranoid, it's always good to change your password every 90 days at most.


Squinch

(50,883 posts)
2. I am a technological idiot and I have a question that might have an obvious answer.
Fri Sep 28, 2018, 06:27 AM

I have one set of passwords for sites where I am not that concerned about being hacked, like this site and newspapers and things like that. I have another set for my financial information. I'm not on Facebook or any other social media other than this site.

If, say, the Washington Post were hacked, and they got one of my "no big deal" passwords, and they got my credit card information that pays for my Post subscription, is there a way for them to use that information to get at my other information that is behind my "serious" passwords?

OnDoutside

(19,941 posts)
6. Ok, that's a good thing. If you keep your email passwords separate from all other passwords, then
Fri Sep 28, 2018, 10:48 AM

you should be ok imo.

 

mythology

(9,527 posts)
5. Security experts don't recommend changing your password every 90 days
Fri Sep 28, 2018, 09:24 AM
https://www.securitymagazine.com/articles/88771-please-forget-to-change-your-password-every-90-days

Let’s start with password expiration. It’s not easy to come up with complex character or word combinations across dozens of active accounts, memorize them and change them frequently. As a result, users who are required to replace “memorized secrets” every few months tend to violate other security principles, perhaps by writing the passwords down, by recycling passwords from other accounts, by substituting letters with numbers, or by using similar word combinations or patterns across accounts.

According to the UK’s National Cyber Security Centre, “Most administrators will force users to change their password at regular intervals, typically every 30, 60 or 90 days. This imposes burdens on the user (who is likely to choose new passwords that are only minor variations of the old) and carries no real benefits as stolen passwords are generally exploited immediately.” Convinced of this point as well, the National Institute of Standards and Technology (NIST) recently rejected forced changes for memorized passwords absent a security incident. In fact, NIST uses all-caps to scream that administrators “SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically).” Still, readers beware, not everyone has eliminated password expiration requirements (including, as of this writing, the PCI Security Standards Council, as well as many vendor management programs).