this post was submitted on 28 Feb 2025
542 points (93.4% liked)

memes

12170 readers
2528 users here now

Community rules

1. Be civilNo trolling, bigotry or other insulting / annoying behaviour

2. No politicsThis is non-politics community. For political memes please go to !politicalmemes@lemmy.world

3. No recent repostsCheck for reposts when posting a meme, you can only repost after 1 month

4. No botsNo bots without the express approval of the mods or the admins

5. No Spam/AdsNo advertisements or spam. This is an instance rule and the only way to live.

A collection of some classic Lemmy memes for your enjoyment

Sister communities

founded 2 years ago
MODERATORS
Tenthrow@lemmy.world
The_Picard_Maneuver@lemmy.world
The_Picard_Maneuver@startrek.website
542
Take your passkey and shove it where the sun don't shine (lemmy.world)
submitted 2 days ago by cm0002@lemmy.world to c/memes@lemmy.world
172 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] Randelung@lemmy.world 16 points 2 days ago (1 children)

It's not for your security, it's for the company's. People suuuuuuuuck when it comes to credentials.

[–] NocturnalEngineer@lemmy.world 19 points 2 days ago* (last edited 2 days ago) (5 children)

My company insists on expiring passwords every 28 days, and prevents reuse of the last 24 passwords. Passwords must be 14+ characters long, with forced minimum complexity requirements. All systems automatically lock or logout after 10 minutes of inactivity, so users are forced to type in their credentials frequently throughout the day.

Yes people suck with creating decent credentials, but it's the company's security policies breeding that behavior.

[–] oatscoop@midwest.social 11 points 2 days ago

I don't get why people get upset at frequently expiring passwords. It's not hard: just write it on a postit note and stick it on your monitor.

[–] Tiger@sh.itjust.works 4 points 2 days ago

Tell them the NIST recommendations for password frequency changes have been really reduced in recent times because it pushes people into other bad password practices. Among all factors, changing the password frequently is the least important.

[–] lmmarsano@lemmynsfw.com 3 points 2 days ago

My company insists on expiring passwords every 28 days, and prevents reuse of the last 24 passwords. Passwords must be 14+ characters long, with forced minimum complexity requirements.

Outdated security practices & cargo culture. Someone should roll up a copy of NIST SP 800-63 to smack them over the head until they read it:

The following requirements apply to passwords:

  1. Verifiers and CSPs SHALL require passwords to be a minimum of eight characters in length and SHOULD require passwords to be a minimum of 15 characters in length.
  2. Verifiers and CSPs SHOULD permit a maximum password length of at least 64 characters.
  3. Verifiers and CSPs SHOULD accept all printing ASCII [RFC20] characters and the space character in passwords.
  4. Verifiers and CSPs SHOULD accept Unicode [ISO/ISC 10646] characters in passwords. Each Unicode code point SHALL be counted as a single character when evaluating password length.
  5. Verifiers and CSPs SHALL NOT impose other composition rules (e.g., requiring mixtures of different character types) for passwords.
  6. Verifiers and CSPs SHALL NOT require users to change passwords periodically. However, verifiers SHALL force a change if there is evidence of compromise of the authenticator.

Maybe ask them their security qualifications & whether they follow the latest security research & industry standards.

[–] greenskye@lemm.ee 4 points 2 days ago

Same. They also don't allow password managers and I have multiple systems that don't use my main password, so I have at least 5-6 work passwords for different systems.

Nobody can remember all that.

So everyone makes the simplest password they can (since it has to be regularly typed in) and writes it down somewhere so they don't forget it.

[–] Randelung@lemmy.world -1 points 2 days ago

And yet admin, 1234, test, etc. remain the most commonly 'hacked' passwords. Your company's policies may be annoying, but they certainly don't make you use unsafe passwords.