Ranter
Join devRant
Do all the things like
++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatar
Sign Up
Pipeless API
From the creators of devRant, Pipeless lets you power real-time personalized recommendations and activity feeds using a simple API
Learn More
Comments
-
Three-month password rotation policies are horrible. My employer recently changed to 6 months after discovering that the more often we're forced to change passwords, the more often we forget them and the easier they tend to be hacked since people will make them as uncomplicated as possible in hopes of remembering them easier.
-
Not that password strength really matters any more as long as it's not laughably easy to crack. Phishing is the tool of choice nowadays and a secure password won't prevent that.
-
stop68673y@EmberQuill my company im currently working for has distinct domains with different rules. One ad domain with the user identity and the ldap domain just for the personal accounts for accessing servers as unprivileged. For root access we can't use sudo, but something that logs into the server instead of us directly. Normal account can take up to anythimg and the ldap domain can only change the password through an perl based website and only accepts certain special characters besides a-zA-Z0-9 and it needs to be ridicoulous long (longer than 15 chars)
-
I firml;y belive that forcing passowrd changes leads to weeker passowrd.
I was working in a company where passowrd change was required every month.
I ended with : year + month+day+random 2-3 digits.
Had to change password on computer for administrative reasons (sysadmins and infosec make us change our pass every quarter). Changes didn't sync to everything so now I can't even log into my computer.
Need to go to the office tomorrow so some guy can type in an admin password on my pc and do stuff to it. If that doesn't work I will just be given a new laptop.
Seriously fuck this week
rant