• Rolling Resistance
    link
    fedilink
    223 months ago

    My workplace has this common braindead policy where we have to change our passwords every 3 months. So every time I change it, Microsoft page asks me, “HOW WAS IT?”

    Like it wasn’t annoying enough.

    • @[email protected]
      link
      fedilink
      English
      14
      edit-2
      3 months ago

      I never understood the purpose of this.

      Unless you are REAL stupid levels of lucky to have one of the mandatory password changes the day after a compromise that you werent aware of, all mandatory regular password changes do is make people use less secure passwords.

        • @[email protected]
          link
          fedilink
          2
          edit-2
          3 months ago

          “Security theatre” is what I’ve named the contact in my work phone for the call center I have to call every time I accidentally use the “one time password” more than once (because god forbid they implement proper SSO, meaning I have to do a shotgun login run every morning). When I call them all I tell them is my name and that my account is locked.They click a button and we’re back. Complete waste of time on everyone’s part.

      • @[email protected]
        link
        fedilink
        English
        23 months ago

        Technically it reduces the window for a successful brute force.

        That said, it comes with serious drawbacks. Mainly making them impossible to memorize, so then users end up just writing them on post-its and putting them on their monitor. Or other equally dumb things.

      • @[email protected]
        link
        fedilink
        13 months ago

        Once upon a time it was a recommended best practice both by NIST and Microsoft if I recall. Both deprecated that practice years ago but most a lot of institutional inertia keeps it going, plus industry standards based on that time that don’t update as often perpetuate the problem.

    • @[email protected]
      link
      fedilink
      53 months ago

      So does mine, and we just got hacked. Almost like users make stupid passwords when required to change frequently.