Scheduled rotation is deprecated, but it's recommended practice to rotate passwords if your account has been compromised. Which some wallets apparently don't support. Which is quite worrisome, if I'm supposed to store money or money equivalents in the wallet.
Well, you can rotate any wallet, if you're willing to pay: just create a new wallet, pay the transaction fee and transfer your money over to the new address.
It's kinda like with full disk encryption, you can change the key-encrypting-key in seconds, but to rotate master key would require a long time to re-encrypt everything.
Agreed. It's sad how many security engineers still push outdated processes, when there is significant research which indicates _why_ it actually _reduces_ security.
There isn't a clear answer to that but here's what Gene Spafford wrote in 2006:
> So where did the “change passwords once a month” dictum come from? Back in the days when people were using mainframes without networking, the biggest uncontrolled authentication concern was cracking. Resources, however, were limited. As best as I can find, some DoD contractors did some back-of-the-envelope calculation about how long it would take to run through all the possible passwords using their mainframe, and the result was several months. So, they (somewhat reasonably) set a password change period of 1 month as a means to defeat systematic cracking attempts. This was then enshrined in policy, which got published, and largely accepted by others over the years. As time went on, auditors began to look for this and ended up building it into their “best practice” that they expected. It also got written into several lists of security recommendations.
> This is DESPITE the fact that any reasonable analysis shows that a monthly password change has little or no end impact on improving security! It is a “best practice” based on experience 30 years ago with non-networked mainframes in a DoD environment—hardly a match for today’s systems, especially in academia!
I've heard variations on this idea which all stem back to that same kind of scenario of a DoD facility where things like access were limited and, for example, a spy who cracked or shoulder-surfed a password might have to wait some period of time to use it, none of which makes much sense in our modern security landscape. I haven't seen anything definitive about the origins but it's very hard to find an actual security expert who thinks it's a good idea (as opposed to a compliance process enforcement person who might have had this trained into them) and these days I'd really be focused on how you could make WebAuthn mandatory.
>Back in the days when people were using mainframes without networking, the biggest uncontrolled authentication concern was cracking.
When we first got our terminals, at first, shared terminals, there was absolutely no guidance on passwords. Password security wasn't part of the consciousness. At least in my corporate experience in the 80's. Especially with all the data being on tapes. A security utopia, briefly.
Password rotation still makes technical sense today. The benefit is that it limits the utility of stolen credentials.
That’s basically all an MFA token is: a rapidly rotating second password. In fact the widespread availability of MFA options is one reason memorized passwords don’t need to rotate anymore. Just implement MFA instead.
Another reason is that forced rotation of memorized passwords gives users an incentive to create passwords that are simpler, and therefore easier to steal in the first place. So the technical advantage was nullified by a human factors disadvantage.
Security models from the dawn of computing, which operated on assumptions that no longer hold true, including passwords being stored in plaintext in /etc/passwd, then later, crypted in /etc/shadow. If the /etc/passwd file were stolen, then you'd have everyone's password. By forcing the password to be changed every X days, then even if an attacker got a copy of /etc/passwd, those passwords would not work after N days.
It's not obviously explicit (to me, at least) whether they are discussing rotation of passwords specifically or wallet-related authentication flows more generally.
In Bitcoin wallets, for instance, multi-signature wallets do not allow rotation of the signing keys. If one of your singing keys gets owned, you need to burn the wallet.
>> Note: Passwords are not to have a maximum lifetime or be subject to password rotation. Passwords should be checked for being breached, not regularly replaced.
Oof. NIST 101: https://pages.nist.gov/800-63-FAQ/#q-b05
Hard for me to take the rest of this article seriously when one misses something so basic.