Oh I have no problem with regular forced password changes, say quarterly or
so; I'm used to that in other contexts. But not a one-time password, which
will actually increase risk because people will choose "keep me logged in"
to avoid having to get a new password every time they want to log in.
I believe there's some research to suggest that quarterly password
changes decrease overall security. I personally would not like having
to do that.
These tend also to be solutions coming from moneyed countries, and some of
these things involve technology that is not globally available.
I'm not sure what you mean by that.
A lot of the "solutions" normally bandied about involve things like
two-factor identification, which has the "additional" password coming
through a separate route (e.g., Gmail two-factor ID sends a second password
as a text to a mobile) and means having more expensive technology, or using
technology like dongles that cannot be sent to users in certain countries.
I stick to my strong passwords and also subscribe to the xkcd password
theory.[1]
Risker/Anne
[1]