:) Oh dear. I don't think I've forgotten a password I use regularly (I obviously forget all the time passwords I knew I'd never remember), but it's only a matter of time.
In fact, if I'm forced to use a regularly changing password, I usually use a root and a stem, where there's some pattern to the stem but still a lot of flexibility, enough that it should be about as good as a password unless someone narrows the search space manually. I'm not sure if that's a good idea: the downside is that if someone cracks a previous password list AND wants to crack my password specifically and looks at it manually, guesses what's the stem AND spends a bit of time brute forcing the new stem, it's less secure, but has the advantage that I don't forget it.
I'm inclined to think that's a good trade-off -- I don't think that's really the weakest point in most systems I see. But I know some people think everyone should be able to memorise a new ten digit non-alphanumeric password every three months for the rest of their life for every system they use, so I'm not sure. (I wonder if there could be a claim under the age or disability discrimination legislation: if someone has a medical condition that makes memorising new passwords harder, or simple old age, and they can get experts to testify that something else is better than refreshing passwords like that, could they refuse to do it?)
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
In fact, if I'm forced to use a regularly changing password, I usually use a root and a stem, where there's some pattern to the stem but still a lot of flexibility, enough that it should be about as good as a password unless someone narrows the search space manually. I'm not sure if that's a good idea: the downside is that if someone cracks a previous password list AND wants to crack my password specifically and looks at it manually, guesses what's the stem AND spends a bit of time brute forcing the new stem, it's less secure, but has the advantage that I don't forget it.
I'm inclined to think that's a good trade-off -- I don't think that's really the weakest point in most systems I see. But I know some people think everyone should be able to memorise a new ten digit non-alphanumeric password every three months for the rest of their life for every system they use, so I'm not sure. (I wonder if there could be a claim under the age or disability discrimination legislation: if someone has a medical condition that makes memorising new passwords harder, or simple old age, and they can get experts to testify that something else is better than refreshing passwords like that, could they refuse to do it?)