Many times, online services ask you to change your password every two or three months to keep your account secure. In fact, it is a very controversial security measure, as many are the ones who think it completely wrong.
The Federal Trade Commission chief technology officer, Lorrie Cranor, broke the legend earlier this week at a security conference in Las Vegas.
The technologist argued that services that require periodic password changes could backfire Results, κάνοντας τον κωδικό σας λιγότερο ασφαλή. Ο λόγος είναι ότι όταν οι χρήστες απαιτείται να αλλάξουν το password τους, καταλήγουν να χρησιμοποιούν τον old κωδικό πρόσβασής τους, με κάποια μικρή change.
A lowercase letter can be changed to a capital letter. Or an extra letter or character could be added towards the end. Researchers call these little tricks "transformations," and hackers are well aware of them.
Thus, the crackers of crackers can predict these script transformations and cracking routines.
"UNC researchers report that people who had to change their passwords every 90 days use a pattern and do what we call transformation," Cranor said, according to Ars Technica.
"They get their old passwords, change them somehow, and so they have a new password."
Cranor relied on a UNC survey by 2010 that checked data from 7700 accounts that needed to change their passwords regularly.
The specialist in themeτα ασφάλειας Bruce Schneier συμφωνεί απόλυτα.
"I have said for years that it is not good security advice to encourage bad passwords."
This does not mean that it's not a good idea to change your password. If your password existed in the data of a significant violation like LinkedIn, and you use it on other service pages, you will of course have to change it.
A capital letter (with many random letters (lowercase & uppercase) and numbers) is harder to break, as it reduces the chances of guessing it and adding it to a dictionary used by password crackers
