14
devs
8y

A lot of larger companies seem to be a happy about forcing employees to change their password every three months or so. They do it for security measures so that it is more difficult to break through the system, however most people end up making the worst passwords.
Instead of forcing a very good password on them every year or two maybe, they all end up having passwords like: "Summer16", "Qwer1234", "London15".
I used to work for our national police, and this was the case there as well...

Comments
  • 2
    I worked in a school and we had an auditor in and I tried to explain this to him but he wasn't having any of it. I told him I'd SEEN people writing passwords down and putting them in their draw but he still wouldn't budge.
  • 4
    Amd that's why there should be four hundred seventy three password rules, so it is safe again!
  • 1
    @RichSouth A good password that's written down is better than a bad password.
  • 0
    @spongessuck even if it's store in a drawer next to the PC to a computer that has access to a bunch of children's personal contact details?
  • 0
    And, a strong pasword is not a mix of different characters, it's a long password that makes brute forcing difficult.
  • 1
    I know that some companies have legacy systems that are limited in pw length, so all pw lengths are restricted to that legacy system. But I agree that having a better longer pw you can keep for a year would make more sense. But isn't social engineering usually easier than brute force, these days?
  • 0
    One of the systems at the company I work for is forcing you to set up a new password every 30 days. And you can just use the password you're using already (it's not checking if old and new passwords are the same)
Add Comment