DEV Community

Discussion on: Why Password Length Matters

Collapse
akofod profile image
Andy Kofod Author

The problem with requiring regular password changes is that you force users to remember a new password every time. This tends to drive users to find a pattern for each new password. Something like incrementing the last digit, or just changing the special character. Now, if you're using random passwords, this isn't an issue, but then there really isn't any benefit in changing them either, unless you have reason to believe your system is compromised.

This is one of the current Digital Identity Guidelines from the NIST. See section 5.1.1.2.