by tarellel 1569 days ago
My current work forces updates every 3 months. It seems more like a security issue requiring this reset so often.

This is because they create another problem when anyone you talk to will say they have their password and just increment a number for every password change. That way they’re not having to remember a whole new password every few months. So there’s never much of a change in anyone's password during these rotations.

- abcde1
- abcde2
- abcde3
- …

1 comments

I think this is an issue for things like a system login where you can't necessarily use 1Password or your equivalent. I have my work domain password in 1Password, and it's a huge pain in the ass when I need to use it in that context.

However, if you use a password manager, and have access to it, I think forcing key rotation on a short schedule actually increases security. The downside of course being that most people don't use a password manager, and most people use the same relatively unsecure password for everything.
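
The incrementing pattern described in the original post (abcde1, abcde2, abcde3) can be caught at password-change time even when the history is stored only as salted hashes. This is an added example, not code from the thread: the function names, the PBKDF2 parameters and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

def hash_pw(pw: str, salt: bytes) -> bytes:
    # PBKDF2 stands in for the system's real password hash (assumption);
    # the iteration count is kept low so the demo runs quickly.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 10_000)

def counter_variants(new_pw: str, span: int = 3):
    """Yield new_pw with its last digit run stepped by up to +/-span, or dropped."""
    m = re.search(r"\d+(?=\D*\Z)", new_pw)
    if not m:
        return
    head, digits, tail = new_pw[:m.start()], m.group(), new_pw[m.end():]
    yield head + tail
    for delta in range(-span, span + 1):
        value = int(digits) + delta
        if delta != 0 and value >= 0:
            yield head + str(value).zfill(len(digits)) + tail

def is_incremented_reuse(new_pw: str, history, span: int = 3) -> bool:
    """history holds (salt, hash) pairs of earlier passwords, never plaintext."""
    candidates = [new_pw, *counter_variants(new_pw, span)]
    return any(
        hmac.compare_digest(hash_pw(cand, salt), stored)
        for salt, stored in history
        for cand in candidates
    )

def make_history(passwords):
    # Constructed sample data: builds the stored (salt, hash) pairs.
    out = []
    for pw in passwords:
        salt = os.urandom(16)
        out.append((salt, hash_pw(pw, salt)))
    return out

if __name__ == "__main__":
    history = make_history(["abcde1", "abcde2"])
    for attempt in ["abcde3", "abcde", "Tr0ub4dor-unrelated"]:
        print(attempt, "->", is_incremented_reuse(attempt, history))
```

Because the candidates are derived from the new password, which the server sees in plaintext during the change, the stored history never has to be reversible.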