ST Alpha - "We have to change our passwords monthly -- nm" (Reading a Post)

SlickerTalk
Search Archives
The Leaderboard
The FAQ

Login
Create Account

Search Dr. S. Talk
TT/ST Wiki
How Well Do You Know ...

RSS Feed

Hosting by DigitalOcean

Support ST on Ko-Fi

Down to Post

Backboards:

Posts: 157

In response to "Something I never thought I would see: Received a company directive that all PW's must change be end of month due to a TSA mandate..." by Walt_Disney

We have to change our passwords monthly -- nm

Posted by Dano (aka dano) Aug 6 '21, 05:31

(No message)

Responses:

I think ours is 45 days. -- nm - spamlet Aug 6, 05:53
We never changes our passwords. I check all passwords against compromised lists and require changes when one appears. Frequent password changes are - oblique Aug 6, 05:43 17
- Frequent mandated changes are a good way to make me list my passwords where they're more likely to get scraped. - Max Aug 6, 07:48
- I assume that requiring frequent password changes promotes the use of easily hackable patterns. -- nm - Dano Aug 6, 06:05 9
  - *increments his previous password by 1* -- nm - znufrii Aug 6, 06:28
  - Yes and also writing down passwords and sticking them to your monitor :) -- nm - oblique Aug 6, 06:08 7
    - All these methods fail if a hacker with eidetic memory poses as a delivery guy and walks through the offices memorizing passwords as people type them -- nm - decline Aug 6, 06:12 5
      - Heh....seen a few security webinars where this sort of scenario is shown. We can use digital stickies but no physical stickies. -- nm - Walt_Disney Aug 6, 06:15
      - Who lets the delivery person into the secure access area?! -- nm - ty97 Aug 6, 06:14 3
        
        All you need to get in most buildings is a clipboard and a confident wawve -- nm - oblique Aug 6, 06:21 2
        
        don't forget the orange reflective vest. -- nm - Reagen Aug 6, 06:46
        
        seen that same scenario in our security webinars also. If you look like your belong and are confident, you can get so many places -- nm - Walt_Disney Aug 6, 06:37
    - Just put it under your keyboard instead, no one will ever think to look there -- nm - ty97 Aug 6, 06:09
- I have seen a couple of e-mails about having passwordless access in the future and using PIN or biometric access. -- nm - Walt_Disney Aug 6, 05:58 2
  - Yeah. We require two factor for any access off our own computers or network -- nm - oblique Aug 6, 06:01 1
    - We have two factor on top of our two factor on top of another two factor. -- (edited) - Inigo Aug 6, 06:12
- yeah, we stopped forcing password changes awhile back -- nm - decline Aug 6, 05:56
- I wish we'd move to something like this. Get everyone to xkcd-like passwords and let them stay there. -- (edited) - Inigo Aug 6, 05:55 1
  - correct. horse battery staple -- nm - oblique Aug 6, 06:22
We have a 90 day policy, but some kind of password change requirement is pretty standard. Especially in the government or working with the government. -- nm - Inigo Aug 6, 05:35 7
- My IT guy several companies ago said “By all means write it down and stick it to your monitor. I’m not worried about people here knowing it.” -- nm - mafic Aug 6, 05:43 5
  - Yeah, unless you're worried about literal bad guys breaking in to the office or co-workers sabotaging you, I don't see the harm. -- nm - Inigo Aug 6, 05:51 3
    - If someone would like to break in and hack my computer and work my files that would be swell -- nm - Pippy Aug 6, 06:36
    - the co-workers are the problem. So many insider threats. -- nm - ty97 Aug 6, 05:53 1
      - He may have said wallet, but it was also a small company. They had plenty of sensitive IP, but I’d be surprised if anyone tried to steal it. - mafic Aug 6, 06:33
  - *heart palpitations* -- nm - ty97 Aug 6, 05:50
- Even though regular password changing does basically nothing to increase system security. - Cuzzin Todd Aug 6, 05:38

Post a message top

Replies are disabled on threads older than 7 days.