this post was submitted on 24 Jun 2024
440 points (97.8% liked)

Asklemmy

43905 readers
1381 users here now

A loosely moderated place to ask open-ended questions

Search asklemmy ๐Ÿ”

If your post meets the following criteria, it's welcome here!

  1. Open-ended question
  2. Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
  3. Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
  4. Not ad nauseam inducing: please make sure it is a question that would be new to most members
  5. An actual topic of discussion

Looking for support?

Looking for a community?

~Icon~ ~by~ ~@Double_A@discuss.tchncs.de~

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
my_hat_stinks@programming.dev 47 points 4 months ago (2 children)

Good luck remembering them all, also change them all every 30 days, so here are my secrets.

Password expiry hasn't been considered best practice for a long time (must be at least a decade now?), largely because of the other points you mentioned; it leads to weak, easily memorable passwords written somewhere easily accessible. Even when it was considered good, 30 days would have been an unusually short time.

Current advice is to change passwords whenever there's a chance it's been compromised, not on a schedule.

librejoe@lemmy.world 2 points 4 months ago

Well, the only solution for that is to use a password generator based on length and complexity. I have used it once and am considering using it for all my accounts, each with its own password. I live in a safe place, so having them written down is not really an issue.
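The generator the comment above refers to is a reasonable idea when done with a cryptographically secure random source; the following is an added example (not code from the thread or from any of the commenters) showing how length and alphabet size translate into entropy, so a reader can pick a length for a target strength rather than guessing. The character classes, the symbol set and the 128-bit target are assumptions of this example.

```python
import math
import secrets
import string

# Added example: a CSPRNG-backed password generator that also reports how much
# entropy a password of a given length and character set carries.
# The symbol set below is an assumption; adjust it to what the target site accepts.
ALPHABETS = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": "!@#$%^&*()-_=+[]{};:,.?/",
}


def build_alphabet(classes):
    """Union of the requested character classes, deduplicated, order preserved."""
    seen = []
    for name in classes:
        for ch in ALPHABETS[name]:
            if ch not in seen:
                seen.append(ch)
    return "".join(seen)


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random string: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


def length_for_bits(target_bits, alphabet_size):
    """Smallest length whose entropy reaches target_bits for this alphabet."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(length, classes=("lower", "upper", "digits", "symbols")):
    """Uniformly random password drawn with the secrets module (never random.*).

    Requiring every class to appear costs a little entropy (some strings are
    rejected) but satisfies the usual site complexity rules. For length >= 8
    with four classes the rejection loop terminates almost immediately.
    """
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = build_alphabet(classes)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in ALPHABETS[name] for c in pw) for name in classes):
            return pw


if __name__ == "__main__":
    classes = ("lower", "upper", "digits", "symbols")
    size = len(build_alphabet(classes))
    # 128 bits is an assumed target; with this 86-character alphabet that is 20 characters.
    needed = length_for_bits(128, size)
    print(f"alphabet size {size}, {needed} chars for 128 bits")
    print(generate_password(needed, classes))
```

The point of `entropy_bits` is that a long password from a small alphabet can be as strong as a shorter one from a large alphabet; the generator above just makes the length/strength trade-off explicit before you write anything down.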

Bytemeister@lemmy.world -1 points 4 months ago (1 children)

For absolutely best security, you would change your password to a new, extremely long, randomly generated character string every time you logged in. What the best security options are and what users are willing/able to put up with have a very small, if any, overlap.

As for writing them down, my advice is to obfuscate them. Apply your own secret code to the password, hide it in a poem, get creative. Once an attacker is at your desk, they pretty much own your shit. At that level, the only thing your password is providing is privacy, not security.

Your security is only as good as the weakest link, which is usually people. If your password policy encourages users to stick a note to their screen, then your weakest link is anyone in the office deciding to take a selfie or joining a call with their camera on. Best practices balance security with what users are actually willing to do.