• hactar42@lemmy.world
    link
    fedilink
    arrow-up
    47
    ·
    1 year ago

    Must change every 90 days

    It has been 6 years since NIST told companies to stop doing this. And I’d be willing to bet there are more companies still mandating this than ones that don’t.

    • LazaroFilm@lemmy.world
      link
      fedilink
      English
      arrow-up
      26
      ·
      edit-2
      1 year ago

      My old job had that policy. I decided I would not try to remember my passwords. Instead I had I.T. on speed dial and I would just call them daily to change my password to the one I liked. They hated me. I don’t work there anymore. For unrelated reasons. I think.

    • henfredemars@infosec.pub
      link
      fedilink
      English
      arrow-up
      19
      ·
      edit-2
      1 year ago

      I wish I only had to change my passwords every 90 days. That would be a dream.

      I’ll just have to refer to the unofficial password sticky note that everyone in the office shares containing all the usernames and passwords, and the date on which they were last changed, that was started less than a week after the password change policy.

      It’s hilariously insecure, but we just can’t deal with the password load. It’s too much work. We’d sooner be fired if we had to comply with the password policy.