I disagree - rotating passwords comes at a cost especially for people who don't use a good password manager (and that is basically everyone). It's security theatre and generally creates distrust between people offering security advice and the people who (hopefully) are listening.
There are times when it should be done, but don't do it without a reason.
I'd add that it's basically useless. From what I've seen, resetting your password doesn't even invalidate previously issued JWT tokens, which would be the only reason to do it. But of course, you've already reset them all and so has lemmy.world.
I disagree - rotating passwords comes at a cost especially for people who don't use a good password manager (and that is basically everyone). It's security theatre and generally creates distrust between people offering security advice and the people who (hopefully) are listening.
There are times when it should be done, but don't do it without a reason.