• Rolling Resistance@lemmy.world
    link
    fedilink
    arrow-up
    22
    ·
    3 months ago

    My workplace has this common braindead policy where we have to change our passwords every 3 months. So every time I change it, Microsoft page asks me, “HOW WAS IT?”

    Like it wasn’t annoying enough.

    • A_Random_Idiot@lemmy.world
      link
      fedilink
      English
      arrow-up
      14
      ·
      edit-2
      3 months ago

      I never understood the purpose of this.

      Unless you are REAL stupid levels of lucky to have one of the mandatory password changes the day after a compromise that you werent aware of, all mandatory regular password changes do is make people use less secure passwords.

        • cashew@lemmy.world
          link
          fedilink
          arrow-up
          2
          ·
          edit-2
          3 months ago

          “Security theatre” is what I’ve named the contact in my work phone for the call center I have to call every time I accidentally use the “one time password” more than once (because god forbid they implement proper SSO, meaning I have to do a shotgun login run every morning). When I call them all I tell them is my name and that my account is locked.They click a button and we’re back. Complete waste of time on everyone’s part.

      • treadful@lemmy.zip
        link
        fedilink
        English
        arrow-up
        2
        ·
        3 months ago

        Technically it reduces the window for a successful brute force.

        That said, it comes with serious drawbacks. Mainly making them impossible to memorize, so then users end up just writing them on post-its and putting them on their monitor. Or other equally dumb things.

      • mcx808@lemmy.ml
        link
        fedilink
        arrow-up
        1
        ·
        3 months ago

        Once upon a time it was a recommended best practice both by NIST and Microsoft if I recall. Both deprecated that practice years ago but most a lot of institutional inertia keeps it going, plus industry standards based on that time that don’t update as often perpetuate the problem.

    • hardcoreufo@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      3 months ago

      So does mine, and we just got hacked. Almost like users make stupid passwords when required to change frequently.