
First and foremost, we like to tell people that we have 500 million active users using our webapps. Thinking about things such as active users compared to raw signups is negative and we naturally try to avoid negative reports. Expiring passwords would be a very easy way to measure how many active, engaged members a site has. If we start expiring passwords, it will become very clear how effective our leadgen efforts are as well as how strong our communities actually are.

Generally, users come and go. We accept them as engaged, contributing users when they perform an action once every x number of days. Expiring passwords is one more hurdle that must be crossed when a user returns. Any hurdle, even an "email me a login link" will force a percentage of users to re-evaluate their desire to contribute.

People will learn that using one password multiple times has serious repercussions. Already, we're seeing the proliferation of standalone password managers and easy-to-use bookmarklets such as SuperGenPass.

I think that the solution to this problem is: Any time that a user requests a new or renewed password, e-mail them a link to a trustworthy, cross-platform password manager. Explain that you have no affiliation with the company you're mentioning, but in a short sentence or two, convey that using a strong, unique password is important for their security across the web.



