HACKER Q&A
📣 czatt

Should I change my passwords frequently?


That seems to be the general guidance (my company forces us to change our system passwords every 60 days), but I am unsure why this is the case. If someone were to bypass or obtain my password, couldn't they do it immediately? If changing passwords is helpful, how frequently should you do it to be effective?


  👤 viraptor Accepted Answer ✓
Changing credentials is helpful if you assume they're compromised every once in a while. These days, if a unique and random password is used for each service and/or 2FA is enabled, that assumption is not that great anymore. Adding to that the fact that most people will just add "1" or the current year at the end, it makes updating the password much less useful - it will only stop completely trivial malware.

The recommendation has actually changed in high level policies relatively recently: https://nakedsecurity.sophos.com/2016/08/18/nists-new-passwo...



👤 earpwald
Changing passwords frequently leads to trends in password reuse, i.e., incrementing 1 to 2 and then to 3, etc.

The best password is a long random-words password, as explained by xkcd!
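Added example for this thread (not code from viraptor or earpwald): the two habits both replies describe, shown from each side. `rotation_guesses()` lists what an attacker who already holds the old password tries first after a forced change; `is_trivial_rotation()` is the corresponding policy check that rejects such a change; and `generate_passphrase()` builds the random multi-word password the replies recommend instead. `WORDLIST` is a small constructed stand-in for a real diceware list such as the EFF long list (7776 words); the function and variable names are this example's own.

```python
# Added example, not code from the thread. Shows why "append 1 / bump the
# year" rotations add nothing, and how a random-words passphrase is built.
import math
import re
import secrets
from datetime import date

# Constructed stand-in word list; a real diceware list has thousands of words.
WORDLIST = [
    "correct", "horse", "battery", "staple", "orbit", "velvet", "cactus",
    "lantern", "pebble", "thunder", "walnut", "harbor", "meadow", "quartz",
    "saffron", "timber",
]

_YEAR = re.compile(r"(?:19|20)\d{2}")
_TRAILING_DIGITS = re.compile(r"^(.*?)(\d+)$")


def rotation_guesses(old: str, year: int = 0) -> list[str]:
    """Candidates an attacker who already holds `old` tries first after a
    forced rotation: bump the trailing number, append one digit, append or
    swap in the current year. A dozen guesses, no brute force needed."""
    year = year or date.today().year
    guesses = []
    m = _TRAILING_DIGITS.match(old)
    if m:
        stem, digits = m.groups()
        guesses.append(f"{stem}{int(digits) + 1:0{len(digits)}d}")
    guesses += [f"{old}{d}" for d in range(10)]
    guesses += [f"{old}{year}", f"{_YEAR.sub('', old)}{year}"]
    return list(dict.fromkeys(guesses))  # drop duplicates, keep order


def _core(pw: str) -> str:
    """Canonical form that ignores exactly the edits people make on rotation:
    case, punctuation, an embedded 4-digit year and a trailing digit run."""
    s = re.sub(r"[^a-z0-9]", "", pw.lower())
    s = _YEAR.sub("", s)
    return re.sub(r"\d+$", "", s)


def is_trivial_rotation(old: str, new: str) -> bool:
    """Policy check: True when `new` is just `old` with the digit/year/case
    edits above, so an attacker holding `old` would still get in. Two
    digits-only passwords both reduce to "" and are also flagged."""
    return _core(old) == _core(new)


def generate_passphrase(n_words: int = 6, wordlist: list[str] = WORDLIST) -> str:
    """Uniform CSPRNG choice over the list; the strength comes from that
    uniform choice and the list size, not from the words looking unusual."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def passphrase_entropy_bits(n_words: int, wordlist_size: int) -> float:
    """log2(wordlist_size ** n_words): 6 words from a 7776-word list is
    about 77.5 bits; 4 words is about 51.7 bits."""
    return n_words * math.log2(wordlist_size)


if __name__ == "__main__":
    old = "Summer2023!"
    print("attacker tries first:", rotation_guesses(old, year=2024)[:4])
    print("summer2024 accepted?", not is_trivial_rotation(old, "summer2024"))
    print("passphrase:", generate_passphrase(6))
    print("bits with a 7776-word list:", round(passphrase_entropy_bits(6, 7776), 1))
```

The check only works at change time, when the user supplies the old password in plaintext alongside the new one; it cannot be run against stored hashes afterwards. Every candidate `rotation_guesses()` produces is caught by `is_trivial_rotation()`, which is the point: if a rotation policy must stay, the rejected changes are precisely the ones that would not have helped.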