I f*cking hate it when programs force you to change your password

[ecchi]

Quote:

Originally Posted by javbucks

The password changing is for your benefit though honestly

The only reason any company needs to ask it's clients to keep changing passwords is to make up for their own lax security. If you are using an affiliate of any program that does this, only ever accept payment via cheque, never by wire transfer or Paxum etc. Sending money to you via methods like those requires you to give them more information than is safe to give to a company with such poor Internet security that they have to ask you to keep changing passwords.

[papagmp]

Quote:

Originally Posted by ecchi

The only reason any company needs to ask it's clients to keep changing passwords is to make up for their own lax security. If you are using an affiliate of any program that does this, only ever accept payment via cheque, never by wire transfer or Paxum etc. Sending money to you via methods like those requires you to give them more information than is safe to give to a company with such poor Internet security that they have to ask you to keep changing passwords.

Anyone and anything can be hacked - changing passwords regularly is part of any decent security protocol.

[ecchi]

Quote:

Originally Posted by papagmp

changing passwords regularly is part of any decent security protocol.

No it's not. If you are forced to repeatedly change your password you eventually have to write it down (as Toby said). You also end up running out of ideas and using things you would not normally even consider using (eg mother's maiden name).

The main reason companies insist on this is to cover up their own mistakes. When someone hacks their system and gains access to their clients because they were not secure enough they can defend themselves with "It is not our fault, it is your fault. What do you expect to happen if you use such an insecure password/write your passwords down." If they are asking, in advance, for you to "give them an excuse", they already know that their security is shit. Why would anyone even consider giving sensitive information to a company like this?

However, even worse, are those companies who are not doing to cover themselves but because they genuinely believe it is a good idea. They have read posts like yours, and without thinking it through have implemented it as policy. Basically they are idiots who have no idea about real security, and are basing their security policies on "something they read on the Internet". They are well meaning and think they are doing the right thing, but that is no consolation when some Russian hacker gets hold of your bank details from hacking them, and steals all your savings.