The Password Advice You've Been Following For Years Is Actually Dangerous
How-To Geek, Sunday, April 5th, 2026
Think changing your password every few months keeps you safe? Think again. Security experts killed the 90-day password reset about a decade ago for a reason - but many IT departments didn't get the memo. Here's why your office's favorite policy is often doing more harm than good.
If you feel like you've heard this before, you're right. This isn't "new" news in the way that a zero-day exploit is - it's a slow-motion policy shift. Back in 2016, the FTC advised companies to rethink mandatory password changes, which didn't actually keep hackers out. Around the same time, NIST guidelines discouraged routine resets unless there's evidence of compromise.