this post was submitted on 23 Sep 2023
1248 points (98.2% liked)

Comic Strips

12933 readers
3384 users here now

Comic Strips is a community for those who love comic stories.

The rules are simple:

Web of links

founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 21 points 1 year ago (4 children)

My company forces me to change the password every 3 months AND I cannot use the last 10. I use a very strong password and this rule is ridiculous. So I just change it 11 times, iterating a number at the end until I can use my last one. Fuck you.

Also correcthorsebatterystaple.

[–] [email protected] 8 points 1 year ago (1 children)

The more convoluted the Password rules are, the more sticky notes with the monthly password are found.

[–] [email protected] 4 points 1 year ago

It also normalizes resetting passwords all the time for IT. Like, the help desk can get social engineered into resetting your password for someone else. Even if you use Self-Service Password management, you'll still have callers every day who can't figure out that system.

[–] [email protected] 7 points 1 year ago (1 children)

You get three whole months? We have to change ours monthly. Everyone has passwords written on our laptops.

[–] [email protected] 3 points 1 year ago

Microsoft recommends 3 months. Places that follow MS advice will be on 3 months. A few years ago the above was to change every month

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (1 children)

Couldn't a password manager generate and remember them for you?

[–] [email protected] 11 points 1 year ago (1 children)

Typically you need your main company password reasonably typeable because you'll be entering it constantly and often in places that don't support password autofill.

Which is also why forcing people to change passwords so often causes more issues than it solves. People just dumb it down until it meets the bare minimum requirements.

[–] [email protected] 2 points 1 year ago

Speaking of corporate passwords, a shitty system has the modern windows network support modern passwords, but some important system you need reads the windows network password, but enforces ancient windows password rules, including a length limit of 16 characters