Hacker News

diath yesterday at 10:38 PM | 3 replies

> Never scan QR codes: There is no evidence of widespread crime originating from QR-code scanning itself.

> The true risk is social engineering scams...

Exactly. My grandma is very susceptible to phishing and social engineering; I don't want her scanning random QR codes that would lead to an almost identical service to the one she would think she is on and end up with identity theft or the like.

> Regularly change passwords: Frequent password changes were once common advice, but there is no evidence it reduces crime, and it often leads to weaker passwords and reuse across accounts.

Database leaks happen all the time.


Replies

blauditore yesterday at 11:25 PM

Forced password changes are one of those security theater exercises that drive me absolutely nuts. It's a huge inconvenience long-term, and drives people to apply tricks (write it on a post-it note, or just keep adding dots, or +1 every time).

Plus, if your password gets stolen, there's a good chance most of the damage has already been done by the time you change the password based on a schedule, so any security benefit is only for preventing long-term access by account hijackers.

nicce yesterday at 11:16 PM

> Database leaks happen all the time

The point is to use unique passwords. If there is a leak, hopefully it is detected and then it is appropriate to change the password.

InsideOutSanta yesterday at 11:50 PM

If databases contain your password, you have a problem that regular password changes won't fix.