Today I found out my mate's company's implemented a "security" change. They are making people change their passwords every 90 days.

*Audible groan*

Why do people not see the issues? They have had 40 tickets opened in the past week from this.

@ticoombs sooooo people will just make sure their password ends with a number and iterate that number for every change. Regular password changes are pointless. They force people into using simpler passwords as they know it's a temporary thing.

As you quite rightly said...*sigh*.

@kev @ticoombs
Agreed. Studies have shown that it's a security vulnerability for employees to continually change their passwords this way, but companies don't care? Think their way is right? I don't know, but for someone who worked in IT for a few years, it gives me a headache.

@ticoombs They are operating under the assumption that every 180 days *someone* is stealing their backend password database, and they don't know who.

Fosstodon is a Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.