Video of the Week – How Forced Expiration Affects Password Choice

Bruce K. Marshall delivered this great presentation discussing the history, research, and his thoughts on the “best practices” for password expiration at the Passwords 14 conference earlier this month in Las Vegas, NV. From the abstract – “Forcing users to regularly change passwords has become a standard practice for corporate networks and some web sites. But does it actually improve security or lead to more guessable passwords?”

Although Bruce offers no concrete conclusions on whether we should keep or do away with password expirations, it’s worth a watch for a lot of great historical references (e.g., the Green Book of the original DoD Rainbow Series) and a nice consolidation of research on both sides of the argument from the past 20 years. The general feel I took away from the presentation is that we need to either do away with password expirations or extend them to be much longer (e.g., a year or more) due to human factors. And if you have data so sensitive that you should change passwords more often, two-factor authentication should be used instead. But of course I’ll caveat this gut feel with the two most despised words in infosec – “it depends.”


Know of good videos we should feature? Let us know in the comments below. Today’s post pic is from See ya!

