@vzq@lemmy.blahaj.zone
link
fedilink
English
501Y

Password expiration is no longer considered a best practice. FYI.

Yes, that’s true, and hasn’t been considered so for a long time

@Waker@lemmy.pt
link
fedilink
English
171Y

For provoking fury it is.

https://neal.fun/password-game/

7heo
link
fedilink
English
1
edit-2
1Y

expired

@Nelots@lemmy.world
link
fedilink
English
12
edit-2
1Y

I got to step 20, where my password suddenly caught on fire and Paul died.

My day is ruined.

@Waker@lemmy.pt
link
fedilink
English
01Y

You’re braver than me. I don’t when it asked for roman numerals multiplying or something I just gave up haha

7heo
link
fedilink
English
3
edit-2
1Y

expired

@netvor@lemmy.world
link
fedilink
English
21Y

why so?

@poop@lemmy.blahaj.zone
link
fedilink
English
21Y

Encourages users to just add a rotating number or other not too secure thing to their password. I know that’s what I did when I worked somewhere with that dumbfuck policy.

Yep. My least secure password is the one I use at work because I’m restricted to 9-12 characters, can’t be sequential forwards or backwards including keys next to each other (abc, 123, qwerty), can’t begin with a number, must contain at least three numbers, must be at least four characters different from your last twelve passwords, and must be changed every 90 days. Oh and it can’t include your first or last name.

Most of my coworkers just use a family members name and then change a few numbers at the end and keep a post it note at their desk with the numbers so they don’t forget it.

@Dubious_Fart@lemmy.ml
link
fedilink
English
2
edit-2
1Y

It was never best practices for anyone who had common sense.

It just forced people to make insecure, easy to remember passwords, cause they were gonna be changed in again soon so why make it complicated and hard to remember.

@phar@lemmy.ml
link
fedilink
English
21Y

I know I do this. Add another exclamation mark.

@pezhore@lemmy.ml
link
fedilink
English
11Y

Psh… That’s amateur, I just keep incrementing the number at the end ‘password1’, ‘password2’, etc. Gotta fool the password reuse counter!

@flashgnash@lemm.ee
link
fedilink
English
11Y

Oh really? How come?

@vzq@lemmy.blahaj.zone
link
fedilink
English
8
edit-2
1Y

NIST removed password expiration from their recommendations in 2020. Instead they recommend only forcing password changes when compromise is suspected.

The main argument is that they do not make users or systems demonstrably safer and encourage bad password habits.

@pkulak@beehaw.org
link
fedilink
English
21Y

The original idea was that you would take how long it took to brute-force a password, then require the password be changed before that. But we have better hashing now, like bcrypt, where you can tune it so that brute forcing anything would take 100s of years.

I would imagine most users change their password by only 1 character, and maybe even in sequential order.

When time comes to change the password, it becomes password1234 instead of password123. Or password234. Something easy to remember, most users don’t care about best security practices, and changing to a similar password is very convenient. Especially if it’s “only” for work stuff

Create a post

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

  • Posts must be relevant to programming, programmers, or computer science.
  • No NSFW content.
  • Jokes must be in good taste. No hate speech, bigotry, etc.
  • 1 user online
  • 81 users / day
  • 214 users / week
  • 415 users / month
  • 2.93K users / 6 months
  • 1 subscriber
  • 1.53K Posts
  • 33.8K Comments
  • Modlog