Denise (denise) wrote in dw_maintenance 2017-02-26 06:00 pm (UTC)

Well, absolute best practice is to use a password manager that auto-generates unique passwords for each site, and protect it with a passphrase or pass-sentence rather than a password, sure. But getting people to do that is hard, and given that data indicates that up to 70% of people reuse passwords across multiple sites, the 'change your password regularly' advice still has its place, because chances are pretty good a large number of our users a) use the same password on DW as they do elsewhere on the internet; b) have had the password of one of their 'elsewhere on the internet' breached in something in the time since they've last changed their password. Sometimes you give security advice for the audience you have, not the audience you want...

And really, I'd be perfectly happy if people used unique passwords for DW but wrote them down and stuck them in their wallet or whatever! People are used to protecting the contents of their wallet. Even "written down and stuck in the top drawer of the desk" is better than "reused over multiple sites since 2009" or whatever, especially since DW is the kind of service that people use at home (and how many people are going to be poking around in your desk at home) and not at work.
