We have a three-month password expiry policy on AD accounts, but the requirements aren't extreme. We'd do away with it, but then we have our own CEO writing their password down on a piece of paper and giving it to us to troubleshoot their laptop (we have admin accounts for a reason ffs), after being repeatedly told not to, forcing employees to rotate their passwords suddenly doesn't sound too crazy. People are just way too irresponsible sometimes. Plus, we need to have it for certifications, so there's that.
Any source about why changing a password regularly is not recommended?
I've got this email today but I have some days left, I think
TOTP and KeePassXC is a blessing
I wish every system ever supported TOTP
!=bfVzh5k&nbsA|+|ZuFc=k25D5zUQ*34QDjK gang
Yeah, but I'm more used to them saying "occasional overtime" when they mean "5-10 hours mandatory overtime, unless it's actually busy, because we refuse to hire enough people to fill all the open positions." Because there's nothing smarter than giving all your sales staff enormous bonuses while the grunts on the floor are over 6 months behind for lack of adequate staffing.
Did you reply to the wrong post?
My work password is my weakest password. It's still pretty good though.
Max. 16 characters
(Still remember: if they have a password length limit, they store the password in plain text! If they do that in the backend. They can do that in the frontend too, in the browser with JavaScript, which is safe.)
Why would you say that? Services are able to require special characters, variable casing and numbers. Why would the requirement of max length of the password cause the storage to succumb to plain text?
This simply depends on if they do that in the browser with JavaScript (good) or on the backend.
So yes, the statement that I copied from someone else is not always true.