Ed Pawlowski wrote on 9/25/2016 :
On 9/25/2016 1:35 PM, FromTheRafters wrote:


Given the exhaustive search or dictionary attack scenario, changing the
password would make the already tried and failed passwords viable again,
so the attacker would have to start over again.

And your "new" password may be the next one tried and thus cracked. Not so
sure it improves the odds.

Sure, but the idea behind exhaustive search is not the same as behind
random tries, it reduces the effective keyspace after each try. If the
entire keyspace can be searched in a year, the average time to break is
six months. If you change the password every three months they may
never hit the mark. This definitely does improve your odds.