Discussion on best practices for password management

  • 16 April 2014

Hi, folks,
 
In the wake of the Heartbleed bug, I'm getting some belated education about web security. In my reading I have not seen a complete consensus on recommendations for password management.
 
https:///t5/Security-Industry-News/Hacked-LinkedIn-eHarmony-and-Last-fm-How-did-this-happen-and/m-p/5790 for instance.
 
These points made by the OP are uncontested:
  • Create a strong password
  • Have different passwords for different sites
  • Change your password immediately when notified of any breach
 
But I've seen varied advice on this point:
  • Change your passwords every 90 days
 
The argument is that with strong passwords and two-factor authentication it is not necessary to frequently change passwords. I've even seen some discussion that requiring frequent changes is counterproductive, as it discourages use of strong passwords.
 

I would appreciate any insights into these or other best practices for password management from the Webroot community. If you have favored sources of (online) information on this topic, I will follow through on anything you share.

Thanks in advance,
 
LauraB

1 reply

What I'd add is that using a password manager makes things a heck of a lot easier. I only change my passwords when I have reason to (or I'm forced to by policy), but frequent changes can't hurt. Having a way to manage those and not remember them takes some of the pain out of it.