Renewing Master password every x time

If you are still a fan of this “change your password”-idea, please take a look at this:

Nist.gov:
“Do not require that memorized secrets be changed arbitrarily (e.g., periodically) unless there is a user request or evidence of authenticator compromise.”
Source: https://pages.nist.gov/800-63-3/sp800-63b.html#sec10, see below 10.2.1 under Memorized Secrets

Because of your name I assume that you speak some German.
Therefore you also might want to take a look at this article:

And finally a personal note:
Whenever I was forced to change my password on a regular basis both me and everyone who told me about this just added a counter or date to the “regular” password.

2 Likes