Lol...R.C. You are absolutely correct. I was not trying to justify the necessity of changing the password, only that I didn't know
anyone that abided by, if you'll allow a metaphor, that religion (change every 90 days).
The only routine password change type of dogma that I'm aware of occurs in two places.
1. Hotmail accounts have an option for the user to set it to expire every 72 days
2. Business environments...which may have a policy to change user logon IDs (which also may automatically or require user manual
change to corporate email accounts) periodically (e.g. every thirty days)...lol...sometimes for security issues like newsgroup
passwords<eg>
Like you, I've never had an account/password breach.
- My *.edu email address still uses the same password (it was only changed once when they modified the system a few years ago, they
sent me a new password, I logged on and changed it back to the original).
- My first msn.com account (and a hotmail capable account) still has the same password since creation in the early 90's. Others are
pretty much similar.
The only time I've personally ever changed a Hotmail password was in testing the Password Change or Reset routine when someone else
had a problem with it (fortunately for me, it always worked without issue, unfortunate for the user since I couldn't duplicate their
problem).
On the other hand, I have seen quite a few systems over the years where address books have been compromised necessitating a
recommended password change...One person I recall whose account and address book was compromised had a username/password that were
mirror images of each other (e.g. david123@newsgroup pw = 321divad@newsgroup). The other thing I never really understood was in
business (which you touched on)...where a user id/pw was changed monthly using the last name with the month number as a
suffix (Smith01, Smith02), the password the same until changed by the user (at least Hotmail doesn't allow the same for username and
password)...that method never made sense to me.
Thus the only reason beyond what I mentioned earlier (90 days sounded nice) that might make sense for suggesting a change is that
people create pretty simple passwords easily figured out by guessing or a simple algorithm.
If you're hacked, you're hacked...and that's as good as any time to reset it...to something just as easily crack/hackable
Now, if we could only get people to spell 'Phishing' correctly<g>
--
...winston
ms-mvp mail
"R. C. White" <rc@newsgroup> wrote in message news:eDmD4I1RKHA.508@newsgroup
> Hi, Winston - and Gary.
>
> It seems to me the question is not about "90 days" or any other specific time.
>
> Why the oft-repeated admonition to change passwords, anyhow?
>
> If a hacker can crack my password in 90 days, he probably can do it in 3 days - or less. If he never tries to crack my password,
> what does it matter if I've used the same password for 20 years? Or if he tried and couldn't crack it, why should I change it to
> one that he might be able to crack?
>
> My passwords have never been cracked - so far as I know. So why should I change any of them?
>
> As you know, Winston, I'm certainly no security expert. But I wonder about the rationale for changing a password. Maybe the
> reasoning is different for me, with my one-man, one-computer, no-net-but-the-Internet situation. I'll bet that a big
> organization with lots of computers and lots of users has a whole different set of ideas about passwords.
>
> The only way I can see that this might apply to me is if someone has already stolen my password and is just waiting for the right
> time to use it. Or he is already using it and I haven't noticed. In that case, what's magic about 90 days? I'd better change
> the password NOW! But if I give a phisher my password, what does it matter if it is a strong password or not - or if I've
> changed it just this morning?
>
> RC
> --
> R. C. White, CPA
> San Marcos, TX
> rc@newsgroup
> Microsoft Windows MVP
> Windows Live Mail 2009 (14.0.8089.0726) in Win7 Ultimate x64
>
> "...winston" <winstonmvp@newsgroup> wrote in message news:#A7lCQwRKHA.1372@newsgroup
>> Gary,
>> I've never seen an explanation nor do I recall anyone claiming they abide by the 90 days suggestion.
>>
>> Maybe 'quarterly' sounded nice when the statement was written, discussed etc.
>>
>>
>> --
>> ...winston
>> ms-mvp mail
>>
>> "Gary VanderMolen" <gary@newsgroup> wrote in message news:OXYCyAtRKHA.2092@newsgroup
>>> Anyone know what the rationale is for changing your Live ID password every 90 days?
>>> I've never changed mine.
>>>
>>> --
>>> Gary VanderMolen, Microsoft MVP (Mail)
>>> http://mvp.support.microsoft.com/def...le/vandermolen
>>>
>>>
>>> "...winston" <winstonmvp@newsgroup> wrote in message news:e8ETtxqRKHA.3876@newsgroup
>>>> This one's a bit more definitive with instructions and links.
>>>> 10/5/2009
>>>> Update: Phishing scheme affecting some Hotmail customers
>>>>
>>>> http://windowslivewire.spaces.live.c...y?sa=698771887
>>>>
>>>> <qp>
>>>> Microsoft recommends customers use the following protective security measures:
>>>>
>>>> Renew their passwords for Windows Live IDs every 90 days
>>> [snip]