
Making security better: Passwords - jvdh
https://cesgdigital.blog.gov.uk/2015/09/08/making-security-better-passwords/
======
brianclements
_Unlike previous guidance, this doesn't focus on trying to get ever more
entropy into passwords. Instead we're encouraging system designers and
security architects to think more about where they're requiring passwords, and
what they're trying to achieve with them_

Great from the system side. From the user end however, I had a revelation when
I realized that I need to make a distinction between strong passwords and
disposable passwords. Much has been said already about strong passwords for
keys, log-ins, encryption, but disposable ones for almost all websites? That
are easy to remember? I've been using SuperGenPass[1] for that and have loved
it.

[1] http://www.supergenpass.com/

------
jvdh
Finally someone with credibility who states that regular password changes are
pointless, and may even reduce security. It's even backed by scientific
publications from Microsoft.

