About that... (lemmy.world)
[-] A_Random_Idiot@lemmy.world 14 points 1 month ago* (last edited 1 month ago)

I never understood the purpose of this.

Unless you are REAL stupid levels of lucky to have one of the mandatory password changes the day after a compromise that you weren't aware of, all mandatory regular password changes do is make people use less secure passwords.

[-] AnUnusualRelic@lemmy.world 7 points 1 month ago

There's no purpose. It's 100% security theatre.

[-] cashew@lemmy.world 2 points 1 month ago* (last edited 1 month ago)

"Security theatre" is what I've named the contact in my work phone for the call center I have to call every time I accidentally use the "one time password" more than once (because god forbid they implement proper SSO, meaning I have to do a shotgun login run every morning). When I call them all I tell them is my name and that my account is locked. They click a button and we're back. Complete waste of time on everyone's part.

[-] A_Random_Idiot@lemmy.world 1 points 1 month ago

Nothing like TSA level security.

[-] treadful@lemmy.zip 2 points 1 month ago

Technically it reduces the window for a successful brute force.

That said, it comes with serious drawbacks. Mainly making them impossible to memorize, so then users end up just writing them on post-its and putting them on their monitor. Or other equally dumb things.
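
The "reduces the window" argument above can be checked with a simple model. This is an added example, not part of the thread: it assumes a uniformly random password and an attacker who guesses at a constant rate and restarts from scratch at each rotation (the best case for the policy). The guess rates and password lengths are constructed illustrative values, not figures from any source.

```python
import math

SECONDS_PER_DAY = 86_400

def guess_space(length: int, alphabet_size: int) -> int:
    """Number of equally likely passwords of the given length and alphabet."""
    return alphabet_size ** length

def p_crack_within(seconds: float, guesses_per_sec: float, space: int) -> float:
    """Probability exhaustive guessing finds a uniformly random password
    within `seconds`. Capped at 1.0 once the whole space has been covered."""
    return min(1.0, guesses_per_sec * seconds / space)

def p_crack_with_rotation(years: float, rotation_days: float,
                          guesses_per_sec: float, space: int) -> float:
    """Same attacker, but the password is replaced every `rotation_days` and
    the attacker's progress resets. Success if any window is cracked."""
    per_window = p_crack_within(rotation_days * SECONDS_PER_DAY, guesses_per_sec, space)
    n_windows = years * 365 / rotation_days
    return 1.0 - (1.0 - per_window) ** n_windows

def compare_policies(years: float = 5, rotation_days: float = 90,
                     guesses_per_sec: float = 1e9) -> dict:
    """Constructed comparison: a short rotated password versus a longer
    unrotated one, against an assumed offline guessing rate (1e9 guesses/s
    is an illustrative value for a fast hash, not a measurement)."""
    weak = guess_space(8, 26)     # 8 lowercase letters
    strong = guess_space(12, 62)  # 12 mixed-case alphanumerics
    horizon = years * 365 * SECONDS_PER_DAY
    return {
        "weak_no_rotation":   p_crack_within(horizon, guesses_per_sec, weak),
        "weak_rotated":       p_crack_with_rotation(years, rotation_days, guesses_per_sec, weak),
        "strong_no_rotation": p_crack_within(horizon, guesses_per_sec, strong),
        "strong_rotated":     p_crack_with_rotation(years, rotation_days, guesses_per_sec, strong),
    }

if __name__ == "__main__":
    # Rotation changes nothing at either extreme: the weak password falls inside
    # the first window anyway, and for the strong one the per-window probability
    # is so small that 1-(1-p)^n collapses to n*p, the unrotated figure.
    for name, p in compare_policies().items():
        print(f"{name:>20}: {p:.3g}")
```

The model is also the policy's best case: it ignores that users forced to rotate tend to pick predictable variants, which shrinks the effective space far below what the length suggests.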

[-] mcx808@lemmy.ml 1 points 1 month ago

Once upon a time it was a recommended best practice both by NIST and Microsoft if I recall. Both deprecated that practice years ago but a lot of institutional inertia keeps it going, plus industry standards based on that time that don’t update as often perpetuate the problem.

this post was submitted on 19 Sep 2024
1683 points (97.6% liked)

linuxmemes