>> I have accounts at probably 100's of sites. Am I to understand >> that I am supposed to remember each one of them and dutifully >> update them every month or two?
> Yes; of course if most of those accounts are moribund and unused then you > don't need to change them so often, but the passwords you use frequently > should be changed at regular intervals. > It's pretty commonsensical once the threat is understood. Does anybody have a good URL explaining that idea? It's been kicking around for many years. I've never seen a convincing writeup. Does your bank request/require that you change the PIN on your ATM card every few months? Security is a tradeoff. I think there are two cases for passwords. I'll call them important and junk. I'm willing to store the junk ones in a file or piece of paper that I'm careful with. I have to memorize the important ones. I'm only smart enough to memorize a few good passwords. If I change them every few months, they will be less good, or fewer of them. -- These are my opinions. I hate spam.