As the author is employed by Microsoft, I find it relevant to point out that I've seen the most harmful password practice - time-based forced password changes - mainly if not only in Microsoft-based ecosystems.
I don't know what percentage of non-geek users being forced to often change their password, choose something not very similar to their current password. I've seen dozens if not hundreds patterns like attaching month number, month name or week number to the same string, like kid's, dog's or company name. Or yellow sticky paper with password underneath the keyboard or even on the monitor.
2 comments
[ 0.15 ms ] story [ 20.6 ms ] threadI don't know what percentage of non-geek users being forced to often change their password, choose something not very similar to their current password. I've seen dozens if not hundreds patterns like attaching month number, month name or week number to the same string, like kid's, dog's or company name. Or yellow sticky paper with password underneath the keyboard or even on the monitor.
especialyifwithmistakez
memberablethatisiflongenough