this post was submitted on 25 Aug 2024
564 points (98.6% liked)

Cybersecurity - Memes

1893 readers

Only the hottest memes in Cybersecurity

founded 1 year ago

What is your favourite password rule?

[–] Tar_alcaran 69 points 3 weeks ago (18 children)

My favorite is "can't be more than x% similar to the last 3 passwords". Of course, you shouldn't ever define what "similar" actually means.

[–] [email protected] 97 points 3 weeks ago (12 children)

And the only way to check that is by storing the previous passwords in a recoverable format.

[–] [email protected] 6 points 3 weeks ago (1 children)

My understanding is that this is done by saving the hashes and checking the current password against them, and (I'm much less concrete on this one) for "similar" it will run common iterations of the password and save those hashes.

At a previous job one of the sysadmins checked all AD users for repeated hashes, and compared them against hashes of the top 1000 most common passwords. He also identified that one of the IT people had the same hash for both their normal account and their domain admin account, and spoke with them individually to change their domain admin account password.
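The two mechanisms the comment above describes, as an added example that is not part of the thread: a password-history store that keeps only salted hashes of the last three passwords plus hashes of a few common "rotation" variants, and an audit over an unsalted credential store that flags accounts sharing a hash or matching a top-common-passwords list. The variant list, the sample accounts and the common-password list are all constructed for the example; `unsalted_hash` is a stand-in for an unsalted hash like AD's NT hash, which is what makes the duplicate-hash comparison possible there.

```python
"""Added example (not from the thread): hash-only password-history checks and a
reused-hash audit. All sample data below is constructed."""
import hashlib
import os
from collections import defaultdict
from typing import Dict, Iterable, List, Set, Tuple

HISTORY_DEPTH = 3  # "the last 3 passwords", as in the thread


def _kdf(password: str, salt: bytes) -> bytes:
    # Salted, deliberately slow hash; plaintext of old passwords is never kept.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


def common_variants(password: str) -> Set[str]:
    """Cheap transformations users apply when forced to 'rotate' a password.
    These are the 'common iterations' the commenter mentions; illustrative only."""
    variants = {password, password.lower(), password.upper(),
                password.capitalize(), password.swapcase()}
    for suffix in ("!", "1", "123", "2024"):
        variants.add(password + suffix)
    head = password.rstrip("0123456789")  # trailing-number bump: Summer23 -> Summer24
    digits = password[len(head):]
    if digits:
        variants.add(head + str(int(digits) + 1).zfill(len(digits)))
    return variants


class PasswordHistory:
    """Per-account store of (salt, hash) pairs for the last N passwords and their
    common variants. Only exact matches to a stored entry can be detected."""

    def __init__(self, depth: int = HISTORY_DEPTH):
        self.depth = depth
        self._entries: List[Tuple[bytes, Set[bytes]]] = []  # newest last

    def record(self, password: str) -> None:
        salt = os.urandom(16)  # one salt per generation, shared by its variants
        digests = {_kdf(v, salt) for v in common_variants(password)}
        self._entries.append((salt, digests))
        self._entries = self._entries[-self.depth:]

    def is_reuse(self, candidate: str) -> bool:
        # One KDF call per stored generation, then set membership.
        return any(_kdf(candidate, salt) in digests for salt, digests in self._entries)


def unsalted_hash(password: str) -> str:
    """Stand-in for an unsalted credential hash (AD's NT hash is unsalted, so
    identical passwords show up as identical hashes)."""
    return hashlib.sha256(password.encode()).hexdigest()


def audit_hashes(accounts: Dict[str, str], common_passwords: Iterable[str]):
    """Return (groups of accounts sharing a hash, accounts matching a common
    password). Nothing is cracked; only hash equality is tested."""
    by_hash = defaultdict(list)
    for account, digest in accounts.items():
        by_hash[digest].append(account)
    shared = sorted(sorted(a) for a in by_hash.values() if len(a) > 1)
    common = {unsalted_hash(p) for p in common_passwords}
    weak = sorted(a for a, h in accounts.items() if h in common)
    return shared, weak


# Constructed sample: an admin reused their everyday password on the privileged
# account, and one user chose a password from the common list.
SAMPLE_ACCOUNTS = {
    "jdoe": unsalted_hash("Summer23"),
    "jdoe-admin": unsalted_hash("Summer23"),
    "asmith": unsalted_hash("password1"),
    "bwong": unsalted_hash("correct horse battery staple"),
}
TOP_COMMON = ["123456", "password", "password1", "qwerty"]


def demo():
    hist = PasswordHistory()
    hist.record("Summer23")
    checks = {
        "bump_rejected": hist.is_reuse("Summer24"),
        "bang_rejected": hist.is_reuse("Summer23!"),
        "fresh_accepted": not hist.is_reuse("a-genuinely-new-passphrase"),
        # A one-letter typo-variant is NOT caught: without plaintext there is no
        # edit distance to measure, which is the point made earlier in the thread.
        "edit_distance_missed": not hist.is_reuse("Sumner23"),
    }
    shared, weak = audit_hashes(SAMPLE_ACCOUNTS, TOP_COMMON)
    return checks, shared, weak


if __name__ == "__main__":
    print(demo())
```

The `edit_distance_missed` check is the caveat from the earlier reply made concrete: a hash-only history can reject exactly the variants it chose to precompute, nothing more, so a rule phrased as "x% similar" cannot be enforced this way without keeping recoverable plaintext.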
