this post was submitted on 20 Aug 2024
6 points (100.0% liked)

Cybersecurity - Memes


Only the hottest memes in Cybersecurity

submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/[email protected]
 

This practice is not recommended anymore, yet still found in many enterprises.

(page 2) 28 comments
[–] [email protected] 0 points 2 months ago (1 children)

Gotta do mine twice a year, always needs to be new, have a number, and a special character. It was annoying because I'm a pass phrase kind of person, but found it's not too hard to just add the year and exclamation marks for each password change into my passphrase.

Plus password managers exist so whatever.

[–] [email protected] 0 points 2 months ago (3 children)

Can't you just have two passphrases and alternate between them?

[–] [email protected] 0 points 2 months ago* (last edited 2 months ago) (1 children)

Password1

Password2

Password...

Password28

Password29

Edit: Call IT to reset password costing the company money because of their idiotic password policy

Password...

Password43

[–] [email protected] 0 points 2 months ago (5 children)

Never is too long. Monthly is way too short. I like the idea of doing it yearly in conjunction with other IT security awareness and training campaigns.

[–] [email protected] 0 points 2 months ago (4 children)

Agreed. My last job, we were forced to change all service account passwords annually but our personal passwords every month or two.

My current job has more domains and systems so I have so many more passwords with varying complexity and age requirements. I just set a calendar event for every four weeks (one expires just under 5 weeks) and change them all to the same generated password that meets all the common requirements and I save it in my password manager.

So every four weeks, it's seriously this hour+ long ritual for virtually no enhanced security reason.

[–] [email protected] 0 points 2 months ago

I've got this email today but I have some days left, I think

[–] [email protected] 0 points 2 months ago (2 children)

I'm convinced this isn't particularly secure because it just results in the following. Mandatory password change, password can't be any of your last six, bla bla bla. Boom rotating stock of my last six, you happy?

"BOB-CEMU" "BOB-MERC" "BOB-SIVA" "BOB-MILK" "BOB-CERA" "BOB-DELT"

[–] [email protected] 0 points 2 months ago* (last edited 2 months ago)

Had one company where you couldn't use the same password for 12 months, 10 digit minimum, and had to change it every month

My very secure password series at the time.

DumbP@ss#01

DumbP@ss#02

DumbP@ss#03

[–] [email protected] 2 points 2 months ago (3 children)

Hell, I don't even know my passwords. My password manager does. Sometimes I forget the main password but thankfully my fingers don't, unless I start thinking about it.

[–] [email protected] 0 points 2 months ago (2 children)

Max. 16 characters

(Still remember: if they have a password length limit, they store the password in plain text!)

[–] [email protected] 0 points 2 months ago (4 children)

Lemmy-UI has a password limit of 60 characters. Does that mean they are storing your password in plain text?

[–] [email protected] 0 points 2 months ago

He should have said a short length limit, it's still recommended to have a length limit of some sort (I think 64 is the official recommendation) to prevent people from doing shit like pasting the entire Shrek script as a password (because you KNOW some people will lol)

[–] [email protected] 0 points 2 months ago

I think they could also check that length with JavaScript in the browser. Don't know, you should ask the devs.

[–] [email protected] 1 points 2 months ago (2 children)

Isn't this just bad practice?

[–] [email protected] 0 points 2 months ago

Microsoft has recommended against it since 2019. But apparently, it is still a thing.

[–] [email protected] 3 points 2 months ago* (last edited 2 months ago) (4 children)

Monthly password change.
Enforced high complexity.
Sticky note on screen.

[–] [email protected] 2 points 2 months ago (1 children)

Hey now, it's under the keyboard. Much more secure there.

[–] [email protected] 0 points 2 months ago
[–] [email protected] 0 points 2 months ago

Man, so often do I get halfway through my password to realise I'm now typing my old words.

[–] [email protected] 0 points 2 months ago

Glad we are Passwordless. Now none knows me password.

[–] [email protected] 0 points 2 months ago* (last edited 2 months ago) (1 children)

oh I didn't know that, are companies finally realizing that creating and trying to remember new passwords causes more trouble than keeping one really good password?

[–] [email protected] 0 points 2 months ago (1 children)

Only on accounts that have MFA is password rotation no longer recommended.

If the account is non-MFA protected, password changes are still recommended.

[–] [email protected] 0 points 2 months ago (2 children)

really? what's the standard for that? like how often should you be rotating your password?

I assumed more people forget their new passwords (because I often do) than are protected by continually rotating passwords.

[–] [email protected] 0 points 2 months ago

It's one of the updated NIST recommendations, I don't recall which one but it specifically calls out no password cycling for MFA protected accounts.

[–] [email protected] 0 points 2 months ago

I have over 500 passwords in my password manager. I don’t know what I’d do without it.
