Oddbean new post about login | logout Why is password expiration considered a "good security practice"? In addition to the hassle, they also encourage people to use simple passwords (where they only increment a number), or to end up with a Post-It on their monitor because they don't have time to store new passwords more securely.
@b92f8cfa it used to be way back, but has for a long time now actually been a risk: A recent University of North Carolina (UNC) research, outlined by FTC Chief Technologist Lorrie Cranor agrees that doing periodic password changes can be counterproductive, as it encourages poor password selection by the users.