Encourages users to just add a rotating number or other not too secure thing to their password. I know that’s what I did when I worked somewhere with that dumbfuck policy.
Yep. My least secure password is the one I use at work because I’m restricted to 9-12 characters, can’t be sequential forwards or backwards including keys next to each other (abc, 123, qwerty), can’t begin with a number, must contain at least three numbers, must be at least four characters different from your last twelve passwords, and must be changed every 90 days. Oh and it can’t include your first or last name.
Most of my coworkers just use a family members name and then change a few numbers at the end and keep a post it note at their desk with the numbers so they don’t forget it.
The original idea was that you would take how long it took to brute-force a password, then require the password be changed before that. But we have better hashing now, like bcrypt, where you can tune it so that brute forcing anything would take 100s of years.
It was never best practices for anyone who had common sense.
It just forced people to make insecure, easy to remember passwords, cause they were gonna be changed in again soon so why make it complicated and hard to remember.
deleted by creator
deleted by creator
I got to step 20, where my password suddenly caught on fire and Paul died.
My day is ruined.
expired
deleted by creator
expired
Yes, that’s true, and hasn’t been considered so for a long time
why so?
Encourages users to just add a rotating number or other not too secure thing to their password. I know that’s what I did when I worked somewhere with that dumbfuck policy.
Yep. My least secure password is the one I use at work because I’m restricted to 9-12 characters, can’t be sequential forwards or backwards including keys next to each other (abc, 123, qwerty), can’t begin with a number, must contain at least three numbers, must be at least four characters different from your last twelve passwords, and must be changed every 90 days. Oh and it can’t include your first or last name.
Most of my coworkers just use a family members name and then change a few numbers at the end and keep a post it note at their desk with the numbers so they don’t forget it.
Oh really? How come?
deleted by creator
Removed by mod
The original idea was that you would take how long it took to brute-force a password, then require the password be changed before that. But we have better hashing now, like bcrypt, where you can tune it so that brute forcing anything would take 100s of years.
It was never best practices for anyone who had common sense.
It just forced people to make insecure, easy to remember passwords, cause they were gonna be changed in again soon so why make it complicated and hard to remember.
I know I do this. Add another exclamation mark.
Psh… That’s amateur, I just keep incrementing the number at the end ‘password1’, ‘password2’, etc. Gotta fool the password reuse counter!