ST Alpha - "LIR: Pippy. We stopped doing periodic password resets. Now I just check the passwords against the "Have I Been Pwned" list of compromised passwords" (Reading a Post)

SlickerTalk
Search Archives
The Leaderboard
The FAQ

Down to Post

Backboards:

Posts: 155

LIR: Pippy. We stopped doing periodic password resets. Now I just check the passwords against the "Have I Been Pwned" list of compromised passwords

Posted by oblique (aka kkuphal) Mar 31 '21, 09:08

occasionally as the list is updated and then we force password changes to any user that shows up on the list. Passwords are also checked when the user changes it so they can't use a compromised password.

We still enforce some complexity but even "Password123" meets that requirement (3 character types - caps, lower, number and length) but would fail because it is on the list.

Of course, we also require multi-factor for any access from a non-work device

Responses:

where I work started two-factor requirements at the end of 2019, then promptly dropped them in 2020 when everyone went to working from - tRuMAN Mar 31, 09:55 1
- oof -- nm - oblique Mar 31, 10:01
I'd love a stoppage of periodic password resets. Its always on a Friday and I forget it over the weekend. -- nm - Pippy Mar 31, 09:27 2
- write it down on a sticky note and put it on your monitor so you don't forget come Monday -- nm - decline Mar 31, 09:33
- Hey, I'm always available, but I prefer you contact me in the mornings. -- nm - Tech Support Rooster Mar 31, 09:29

Post a message top

LIR: Pippy. We stopped doing periodic password resets. Now I just check the passwords against the "Have I Been Pwned" list of compromised passwords

Replies are disabled on threads older than 7 days.