x

Why do passwords expire?

Apparently, my password is "expiring." Why does that happen? That seems like it's more likely to lock people out of their own accounts than actually provide any security benefit, real or theoretical.

2,914 Views
Message 1 of 3
Report
2 REPLIES 2
Square Champion

what password is expiring?  I've had my Square account for over 7 years and never have had to change my Square Password. 

 

Password rotation is a way some businesses or consumers assure that their employees or themselves aren't using the same password for many things or for a long time.

2,904 Views
Message 2 of 3
Report

Hi DanHakimi,

 

Not too long ago I was prompted to change my Square password - no big deal and it was for my own benefit.   If you ever had an account or your email compromised, it's clear that changing a password on a regular basis is important.  Take a look at this website, it's quite interesting and you may even find your email address out there.   @VanKalkerFarms has a good point too.  As for a discussion about password alternatives that @jackybaba mentioned, that's not a bad idea.  I did a little research and there are many options to consider.

 

Indeed there alternative password solutions.  Below are some authentication methods beyond traditional text-based passwords. Note: No authentication method is foolproof, and each has its own strengths and weaknesses. A combination of different methods might provide the best balance of security and usability.

 

* Two-Factor Authentication (2FA): This involves using a combination of two different authentication factors. Typically, it's something you know (password) and something you have (a time-sensitive code generated by an app, text message, or hardware token).

 

* Biometric Authentication: This uses unique physical or behavioral traits, such as fingerprints, facial recognition, iris scans, or voiceprints, to verify your identity.

 

* Multi-Factor Authentication (MFA): Similar to 2FA, MFA adds an extra layer of security by requiring users to provide multiple forms of identification to access an account.

 

* Password Managers: These tools generate and store complex passwords for various accounts. Users only need to remember the master password for the password manager.

 

* Hardware Tokens: Physical devices like USB keys generate one-time passwords for logging into accounts. They're often used in conjunction with a traditional password.

 

* Smart Cards: These are credit card-sized devices with embedded chips that store authentication information. Users need to insert the card into a reader and often provide a PIN for access.

 

* Push Notifications: When logging in, you receive a push notification on your smartphone. Confirming the notification grants access to the account.

 

* Behavioral Biometrics: This method assesses your behavioral patterns, such as typing speed and style, mouse movements, or device handling, to verify your identity.

 

* Pattern-based Authentication: Instead of a traditional password, you draw a specific pattern on a grid of points or dots, which serves as your authentication code.

 

* Voice Recognition: Analyzing your voice's unique characteristics can authenticate your identity.

 

* Retina Scans: Similar to iris scans, this method involves analyzing the unique patterns in the blood vessels of your retina.

 

* Palm Vein Authentication: This measures the vein pattern in your palm, which is unique to each individual.

 

* DNA Authentication: While still in its early stages and primarily used for high-security environments, some companies are exploring DNA-based authentication.

 

* Location-Based Authentication: This method considers your physical location to determine if the login attempt is legitimate. If it's from an unexpected location, additional verification might be required.

 

* Time-Based One-Time Passwords (TOTP): These are time-sensitive codes that change periodically. They are often generated by apps like Google Authenticator.

 

* Risk-Based Authentication: This system assesses the risk of a login attempt based on various factors like location, device, and user behavior. If the risk is high, additional verification steps are required.

 

* Cognitive Authentication: This emerging method uses behavioral and cognitive patterns, such as how you interact with certain challenges or puzzles, to verify your identity.

1,108 Views
Message 3 of 3
Report