Current IT best practice is that passwords should never expire on a set schedule, but they should expire if there is evidence they’ve been breached.

Miles O'Brien
link
fedilink
English
193M

Legit, my old job required a 90-day change, and I once logged into a system I could do monetary damage on with ease, because I took a guess at my manager’s password based on how long it had been since he told it to me during an emergency.

He did what every single person I spoke to did. “password 01” changed to “password 02” and I just tried twice, and sure enough he had changed it three times since he had told me.

While I wouldn’t be ruining the company as a whole, I could have easily fucked over the individual location because scheduled password changes just ensure people use predictable passwords.

Create a post

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

  • Posts must be relevant to programming, programmers, or computer science.
  • No NSFW content.
  • Jokes must be in good taste. No hate speech, bigotry, etc.
  • 1 user online
  • 91 users / day
  • 116 users / week
  • 501 users / month
  • 2.48K users / 6 months
  • 1 subscriber
  • 1.6K Posts
  • 35.5K Comments
  • Modlog