1608
About that... (lemmy.world)
submitted 2 days ago by The_Picard_Maneuver@lemmy.world to c/linuxmemes@lemmy.world
154 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] rolling_resistance@lemmy.world 21 points 1 day ago

My workplace has this common braindead policy where we have to change our passwords every 3 months. So every time I change it, Microsoft page asks me, “HOW WAS IT?”

Like it wasn't annoying enough.

[-] A_Random_Idiot@lemmy.world 13 points 1 day ago* (last edited 1 day ago)

I never understood the purpose of this.

Unless you are REAL stupid levels of lucky to have one of the mandatory password changes the day after a compromise that you werent aware of, all mandatory regular password changes do is make people use less secure passwords.

[-] AnUnusualRelic@lemmy.world 7 points 1 day ago

There's no purpose. It's 100% security theatre.

[-] cashew@lemmy.world 2 points 1 day ago* (last edited 1 day ago)

"Security theatre" is what I've named the contact in my work phone for the call center I have to call every time I accidentally use the "one time password" more than once (because god forbid they implement proper SSO, meaning I have to do a shotgun login run every morning). When I call them all I tell them is my name and that my account is locked.They click a button and we're back. Complete waste of time on everyone's part.

[-] A_Random_Idiot@lemmy.world 1 points 1 day ago

Nothing like TSA level security.

[-] treadful@lemmy.zip 2 points 1 day ago

Technically it reduces the window for a successful brute force.

That said, it comes with serious drawbacks. Mainly making them impossible to memorize, so then users end up just writing them on post-its and putting them on their monitor. Or other equally dumb things.

[-] mcx808@lemmy.ml 1 points 1 day ago

Once upon a time it was a recommended best practice both by NIST and Microsoft if I recall. Both deprecated that practice years ago but most a lot of institutional inertia keeps it going, plus industry standards based on that time that don’t update as often perpetuate the problem.

[-] hardcoreufo@lemmy.world 5 points 1 day ago

So does mine, and we just got hacked. Almost like users make stupid passwords when required to change frequently.

this post was submitted on 19 Sep 2024
1608 points (97.6% liked)

linuxmemes

20705 readers
2791 users here now

I use Arch btw

Sister communities:

Community rules

  1. Follow the site-wide rules and code of conduct
  2. Be civil
  3. Post Linux-related content
  4. No recent reposts

Please report posts and comments that break these rules!

founded 1 year ago
MODERATORS
poopsmith@lemmy.world
zephyr@lemmy.world