**Tim** @ticoombs@fosstodon.org · 2018-09-26T08:18:58Z

Tim @ticoombs@fosstodon.org

Today I found out my mates company's implemented a "security" change. They are making people change their passwords ever 90 days.

*Audible groan*

Why do people not see the issues? They have had 40 tickets opened in the past week from this.

#security #password #failure

Sep 26, 2018, 08:18 · Tusky · · ·

**Kev Quirk** @kev@fosstodon.org · Sep 26, 2018, 10:41

**Kev Quirk** @kev@fosstodon.org · Sep 26, 2018, 10:41

Sep 26, 2018, 10:41

Kev Quirk @kev@fosstodon.org

@ticoombs sooooo people will just make sure their password ends with a number and iterate that number for every change. Regular password changes are pointless. They force people in to using simpler passwords as they know its a temporary thing.

As you quit rightly said...*sigh*.

**AsteroidMiner** @AsteroidMiner@linuxrocks.online · Sep 26, 2018, 11:35

**AsteroidMiner** @AsteroidMiner@linuxrocks.online · Sep 26, 2018, 11:35

Sep 26, 2018, 11:35

AsteroidMiner @AsteroidMiner@linuxrocks.online

@kev @ticoombs
Agreed. Studies have shown that it's a security vulnerability for employees to continually change their passwords this way, but companies don't care? Think their way is right? I don't know, but for someone who worked in IT for a few years, it gives me a headache.

**Jim Cheetham** @jim@mastodon.nzoss.nz · Feb 18, 2019, 22:09

**Jim Cheetham** @jim@mastodon.nzoss.nz · Feb 18, 2019, 22:09

Feb 18, 2019, 22:09

Jim Cheetham @jim@mastodon.nzoss.nz

@ticoombs They are operating under the assumption that every 180 days *someone* is stealing their backend password database, and they don't know who.

Resources

Developers

What is Mastodon?

fosstodon.org

More…