With historic breaches now becoming a trend, does historic GCHQ advice not to ‘force regular password expiry’ still make sense?
Routine monitoring was apparently the reason for Amazon forcing a password reset on an undisclosed number of customers this week.
The online giant has denied that the login list it uncovered, containing credentials matching those of Amazon customers, was connected to an Amazon breach. Instead, it suggested that password reuse is the likely explanation.
Customers have been contacted to inform them of the forced reset and to request that they change their passwords as soon as possible. Industry speculation is that the credentials could have come from an unrelated breach.
Which raises an interesting question: with historic breaches becoming a trend of late, does the GCHQ advice not to ‘force regular password expiry’ still make sense? If, that is, it ever did in the first place.