588
submitted 3 months ago* (last edited 3 months ago) by cron@feddit.org to c/cybersecuritymemes@lemmy.world

This practice is not recommended anymore, yet still found in many enterprises.

you are viewing a single comment's thread
view the rest of the comments
[-] ITGuyLevi@programming.dev 1 points 2 months ago

Have you considered scripting it? For a while I worked at a place that required changing passwords every 60 days and it couldn't have been one of your previous 24 passwords. When checking out the policy I noticed there was no minimum password age so a quick for loop later and Bob becomes your mother's brother. Quickly cycling through 24 random passwords and back to my secure one and no more just adding the month/year.

Of course I reported it to cyber and about a year later they added a minimum age, now I'm hoping to get them to address an issue in AD that sidesteps changing passwords (though that one may be around for a while).

[-] ObsidianZed@lemmy.world 2 points 2 months ago

Unfortunately I don't think that's possible for my situation. Most of my passwords require logging into a portal and accepting terms of agreements.

[-] ITGuyLevi@programming.dev 1 points 2 months ago

Yeah, future me wonders why I even suggested it, I'm sure it probably violates the spirit of password change requirements.

[-] ObsidianZed@lemmy.world 2 points 2 months ago

I mean it's a clever solution for those without password manages. Plus most of the suggestions in these comments violate the spirit of password change requirements.

this post was submitted on 20 Aug 2024
588 points (98.8% liked)

Cybersecurity - Memes

1893 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS