this post was submitted on 03 Jul 2023
269 points (98.9% liked)

Science Memes

9989 readers
2004 users here now

Welcome to c/science_memes @ Mander.xyz!

A place for majestic STEMLORD peacocking, as well as memes about the realities of working in a lab.

Rules

  1. Don't throw mud. Behave like an intellectual and remember the human.
  2. Keep it rooted (on topic).
  3. No spam.
  4. Infographics welcome, get schooled.

Sister Communities

Science and Research

Biology and Life Sciences

Physical Sciences

Humanities and Social Sciences

Practical and Applied Sciences

Memes

Miscellaneous

founded 2 years ago
MODERATORS
[email protected]
[email protected]
[email protected]
269
Unlimited power!!! (fediscience.org)
submitted 1 year ago by [email protected] to c/[email protected]
17 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] bufordt 34 points 1 year ago (4 children)

It's similar in IT. Almost no one recommends regular password changes anymore, but we won't pass our audit if we don't require password changes every 90 days.

[–] azertyfun 9 points 1 year ago (1 children)

Same vibe as management buying Oracle products because it's "trustworthy".

[–] bufordt 10 points 1 year ago

When we first switched to JD Edwards, it still sent the passwords in plain text, and our Oracle partner set up our weblogic instances over http instead of https.

I had to prove I could steal passwords as just a local admin on a workstation before they made encrypting the traffic a priority.

[–] [email protected] 7 points 1 year ago (1 children)

A very non-techy relative works in a company that requires password changes every month. At this point his passwords are just extremely easy to guess and basically go like 123aBc+ and variations of it.

Yeah, no clue how that caught traction.

[–] [email protected] 8 points 1 year ago* (last edited 1 year ago)

Our IT department won't allow password managers. Their current stance on what we should do instead is "Uh, we're working on it". So everyone at work uses weak passwords and writes them down in notepad. headdesk

[–] [email protected] 6 points 1 year ago (1 children)

"We recommend updating your password every 90 days!"

Why, you haven't lost it recently, have you?

[–] Corkyskog 4 points 1 year ago

I never understood why this caught on, you even see it recommended for personal applications... which is just stupid. The only reason it existed in the first place is because of concerns of shoulder lookers.

[–] [email protected] 4 points 1 year ago

the only way this gets fixed is when the audits say to follow NIST recommendations.