Regular password changes make things worse

Security experts have been saying for decades that human weakness can trump the best technology.  Apparently, it can also trump conventional wisdom.

Since passwords became the chief method of online authentication, conventional wisdom has been that changing them every month or so would improve a person’s, or an organization’s, security.

Not according to Lorrie Cranor, chief technologist of the Federal Trade Commission (FTC), who created something of a media buzz earlier this year when she declared in a blog post that it was, “time to rethink mandatory password changes.”