The first of February was "Change your password" day. Because there are a lot of InfoSec people in the community, I would like to ask: Is it still a good idea to change the password regularly? Or rather, does this still make sense?
I am not convinced about changing the password regularly. For sure it makes perfect sense when:
- Account was hacked (check with tools like https://haveibeenpwned.com/)
- Using the same password for more than one service/account
- Using a bad password (for example: Password1)
I am convinced of the following measures to protect accounts and passwords:
- Using long and/or complex passwords
- Using MFA wherever possible
- Using a password manager
What do you think about this?
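
An added example, not part of the original post: a Python sketch that flags a password for change only on the three triggers listed above (listed in breach data, reused, weak) instead of on a calendar. The breach check is modeled on the k-anonymity range lookup of Have I Been Pwned's Pwned Passwords service, where only a 5-character SHA-1 prefix leaves the machine; all function names, the 12-character minimum, the sample vault and the breach count are assumptions constructed for illustration, and the lookup is stubbed so the code runs offline.

```python
import hashlib
from collections import Counter

def range_query_parts(password):
    """Split the SHA-1 hex digest: 5-char prefix is sent, the suffix stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password, range_response):
    """Find the local suffix in a 'SUFFIX:COUNT' response; 0 means not listed."""
    _, suffix = range_query_parts(password)
    for line in range_response.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0

def constructed_range_service(breached):
    """Offline stand-in for the range lookup, built from constructed data."""
    table = {}
    for password, count in breached.items():
        prefix, suffix = range_query_parts(password)
        table.setdefault(prefix, []).append(f"{suffix}:{count}")
    return lambda prefix: "\r\n".join(table.get(prefix, []))

def reasons_to_change(vault, fetch_range, min_length=12):
    """Map each account to the reasons its password should be changed now."""
    reuse = Counter(vault.values())
    findings = {}
    for account, password in vault.items():
        reasons = []
        prefix = range_query_parts(password)[0]  # only this part is disclosed
        if breach_count(password, fetch_range(prefix)) > 0:
            reasons.append("listed in breach data")
        if reuse[password] > 1:
            reasons.append("reused on another account")
        if len(password) < min_length:  # assumed threshold, not from the post
            reasons.append("shorter than minimum length")
        if reasons:
            findings[account] = reasons
    return findings

# Constructed sample vault and breach list (illustrative values only).
SAMPLE_VAULT = {"mail": "Password1", "shop": "Password1",
                "bank": "correct horse battery staple", "forum": "tr0ub4dor"}
SAMPLE_SERVICE = constructed_range_service({"Password1": 1000})

if __name__ == "__main__":
    print(reasons_to_change(SAMPLE_VAULT, SAMPLE_SERVICE))
```

Accounts that trip none of the three triggers are absent from the result, so nothing is rotated just because time has passed.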