Originally Posted by
awayIgo
I agree, there have been reports that there is no additional security in having people constantly change passwords. That being said what i usually do is just keep increasing the last digit of the password by one and leaving everything else the same. --easier to remember this way!
Ha! I do the exact same thing!
The LY password policy has been driving me looney for years. . . . but you should all know it emanates from a flawed concept that originates with the Bank of Israel, which mandates these constant password changes on all Israeli banking sites, which trickles down to companies like El Al. The concept is to make you change the password often enough that a thief/hacker won't let on to you. But its flawed because when you have a password that you can easily remember, you are less likely to record it anywhere except in your mind. When you have a whole bunch of different passwords and they are constantly changing, then you are far more likely to record them in a file on your computer or on an online storage site - and thus are far more exposed and likely to be hacked. For the country that gave us Checkpoint and the kernel of Norton antivirus, this is a pretty lame and not thought out security breach.
But its not just LY - though, as far as I know, LY are not required to comply with this policy because they aren't under the BofI's jurisdiction - they voluntarily chose to adopt it. Have no fear, though: Nobody in LY management has a clue about this. Their whole IT setup was one-time outsourced to some external company who just made it up as they went along and didn't work off of any spec. There is no other way to explain the ridiculous and embarrassing state of LY's web presence, reservations systems, call center routing or anything else related to technology which is ALL done very badly by them.