Weekly Update 316

Geez it's nice to be home 😊 It's nice to live in a home that makes you feel that way when returning from a place as beautiful as Bali 😊 This week's video is dominated by the whole discussion around this tweet:

I love this for the way it throws traditional logic out the window, logic we all knew sucked and I suspect the massive engagement the tweet drove is due to precisely that: Microsoft giving us all a good reason to whinge about a sucky practice that still prevails so broadly. So... I hope you enjoy listening to just how bad enforced password rotation sucks 😊

Listen on Apple Podcasts
Get it on Google Play
Download via RSS


  1. We've known that mandatory password rotation has passed its used by date for years now (that blog post was actually the genesis for Pwned Passwords)
  2. The Bhinneka breach went into HIBP (Indonesian e-commerce service with 83% of pwnees being repeat visitors to HIBP)
  3. The Wakanim breach also went in, a pretty fresh one from 6 weeks ago (actually thought this was quite under-reported for an incident impacting 6.7M people)
  4. Sponsored by: Kolide can help you nail third-party audits and internal compliance goals with endpoint security for your entire fleet. Learn more here.
Weekly update
Tweet Post Update Email RSS

Hi, I'm Troy Hunt, I write this blog, create courses for Pluralsight and am a Microsoft Regional Director and MVP who travels the world speaking at events and training technology professionals