It has been 6 years since NIST told companies to stop doing this. And I’d be willing to bet there are more companies still mandating this than ones that don’t.
My old job had that policy. I decided I would not try to remember my passwords. Instead I had I.T. on speed dial and I would just call them daily to change my password to the one I liked. They hated me. I don’t work there anymore. For unrelated reasons. I think.
I wish I only had to change my passwords every 90 days. That would be a dream.
I’ll just have to refer to the unofficial password sticky note that everyone in the office shares containing all the usernames and passwords, and the date on which they were last changed, that was started less than a week after the password change policy.
It’s hilariously insecure, but we just can’t deal with the password load. It’s too much work. We’d sooner be fired if we had to comply with the password policy.
It has been 6 years since NIST told companies to stop doing this. And I’d be willing to bet there are more companies still mandating this than ones that don’t.
My old job had that policy. I decided I would not try to remember my passwords. Instead I had I.T. on speed dial and I would just call them daily to change my password to the one I liked. They hated me. I don’t work there anymore. For unrelated reasons. I think.
I wish I only had to change my passwords every 90 days. That would be a dream.
I’ll just have to refer to the unofficial password sticky note that everyone in the office shares containing all the usernames and passwords, and the date on which they were last changed, that was started less than a week after the password change policy.
It’s hilariously insecure, but we just can’t deal with the password load. It’s too much work. We’d sooner be fired if we had to comply with the password policy.
I’m very glad that my company took the note and only require a password change once a year
Heck, my uni mandates this policy, just once a year