And despite security recommendations, too many IT depts still force password resets every 90 days...
And people confronted with this change their password from "p@55w0rd!1" to "p@55w0rd@2". Yep extra-secure!
At some point most security recommendations are self-defeating.
Hey, how do you know my password?
@278 and going strong, across 7 companies. One time, just to mix things up, I used an exclamation mark instead. It was exhilerating. /s
I work in the IT section of a bank and they force a change every 30 days and can only have an 8 character password no more no less 🙃
Seems like a job for Bobby tables
Ideally we'd all use password managers, but I'm aware 99% of peoole don't. Even with one, it's frankly a pain in the butt to be nagged about changing it. "Man, my passwords are 20 random characters. I don't need yo reset ot unless you've had a breach."
{Sitename}+{SaLt}+{yymmdd of password change} easy peasy
I college we had to change our password every semester. Guess who added the semester number onto the end of their password. Hint: everyone.
Same as a government job that required monthly password changes. Well, at least those people had more security than the post-it note on the monitor people
NavyExchange!(ddmm of password change) for as long as I worked there, it was really only to use a register though, I had nothing compromising behind the password lock.
And despite security recommendations, too many IT depts still force password resets every 90 days...
It could be for contractual or for insurance reasons. We have some contracts with government agencies that require it, and our cyberinsurance also does. Even though NIST has been recommending for years to do long passphrase + MFA and no reset unless you suspect compromise.
So yeah, the reason behind this might not be just plain incompetence.
Who still isn't using a password manager?
I promise you that does not help.
I suspect a large number of these incidents are due to the password field in the login page allowing fewer characters than the field in the sign up page, so the password gets truncated. A couple of help desk meat shields have confirmed that for me, but mostly I think this because it seems to fix itself if I use a shorter password.
How short, you ask? Who tf knows! They sure as shit won't tell you! Just spend the next 20 minutes trying shit til it works, because you have nothing better to do with your time!
My parents. All written down on paper in handy notebooks for anyone that breaks in. Two entire lives and everything in them just there for the taking.
My grandma does this, but they're in one of the many Bibles she has in her home.
If I recall, a few (most) security experts now support written-on-paper passwords. Why? Because it is the solution for users who would otherwise commit far a more egregious security faux pas otherwise.
In most circumstances, it is easier to keep the notebook secure than your wallet, your car, etc. And let's be honest, the list of suspects are REALLY short if someone breaks into your house, opens the third drawer, grabs the notebook and runs. And if it's more than that and somebody ransacks your entire house, I guarantee having to change your passwords is the least of your headaches.
Ultimately, physical compromise is the lowest possible security risk for most people throughout their lives. Yes, it happens. Yes, it sucks. But having your bank password out in the wild with nobody realizing it is possibly far more dangerous.
I do use a password manager but this shit still happens. Does anyone know why? Something to do with a "password hash", I think...
They are just gaslighting you. Its a global conspiracy in tech industry
You must be using double-strength ROT13 encryption.
Why am I in this picture?
If it helps, I think we’re all in this picture at some point lol.
C00kies!
6 months later: C00kies?
6 months later: C00kies!
6 months later: C00kies?
This is how it's done.
Or use a fucking password manager like Bitwarden or Keepass
I won't say where I work but we have strict password requirements including that they have to be exactly 8 characters long.
Yeah our passwords aren't very secure as we also have to change them every 90 days and if you miss the window by 3 days you have to call the IT desk to reset it which takes about 45 minutes to an hour. And in that time you basically can't get anything done.
At home I use a password manager and all my passwords are randomly generated and whenever possible 2fa is enabled.
Ahh, so you all also shop at target online, eh?
I'm guessing this is american target and not Australian target
And that’s why I generate my passwords randomly.
Thank you Bitwarden.
So do I. This still happens.
I feel stupid. Can someone explain this to me? Is it saying people have a hard time coming up with a new password?
