4

My work network AD password has to be changed every 90 days or so, and it is really getting to me now. I'm beginning to run out of passwords to use and may soon have to resort to writing them down on a piece of paper and locking it somewhere.

I get why we need to change it often. What I don't like is the stupid validation rules AD uses to check passwords. It doesn't allow variations, and you have to use something completely new.

I have only been in the job for about 8 months, and I had a nightmare experience updating my password recently: the synchronisation failed and I was locked out of my accounts for a day or two, rendering me useless and having to call support for help.

How the hell am I supposed to remember my passwords when I have to change them that often!!!

Comments
  • 1
    I use a password manager. I don't even know my passwords.
  • 6
    I feel you.

    The 90-day rotation is actually pretty useless. Complexity rules are a "last resort" so people do not reuse passwords and do not choose the weakest ones possible.

    In contrast, teaching people the concept of e.g. passphrases and only changing on suspected leak or abuse will result in strong passwords that people can remember.

    Current recommendations by security standards organisations (NIST, BSI, ...) no longer even recommend changing passwords regularly.
  • 1
    @craig939393 A password manager is great for online accounts but certainly not for Mac login. I can't access the password manager if I'm not logged in on the Mac.
  • 1
    I just went through HIPAA compliance, and their password requirements go against NIST.

    I argued with the compliance officer that our policy was stronger and thus met the criteria, but we had to change it to a weaker policy or we would lose the compliance.

    Now we're trying to get SOC2, and I can't wait to see what policies they invented!
  • 0
    Had something similar at an old job. I literally ended up just listing off some of the things I could see.

    "cloudstaplerdesk" as a password, anyone?
  • 0
    @AjDevNull ah. Tattoos.
  • 3
    Frequent password changes are an outdated and useless practice. Just add a number to your password and count it up.
  • 0
    @AjDevNull You can access it if you have it on another device; it can be annoying but works when you're aiming for good enough passwords. Although, in my situation (same company policy), I regenerate passwords that are short enough to store to muscle memory but not shit enough to be guessable by other people.
  • 0
    @Berkmann18 I get your point, but it will be a bit difficult typing out a randomly generated alphanumeric password accessed from a different device.

    The underlying issue here is that over time people will get lax with their passwords if they have to keep changing them for long enough.
  • 2
    @Fast-Nop Microsoft AD doesn't allow you to do that. The password validation checks for values that have previously been used.
  • 0
    @atheist Hahaha. You got some jokes.
  • 0
    Maybe you could get around it by combining a strong password and a weak one and only changing the latter? Like adding an increment/NumberOfWeek/... to an already strong password.
    Or by writing down just the part that changes.
  • 1
    @Jedidja The validation does fuzzy matching, I think, to see if you have used a sequence of characters before.
  • 1
    @AjDevNull If I remember correctly, AD only remembers your last 8 passwords, so you really only need to rotate through that many (i.e. not keep inventing brand new ones).
  • 1
    @Bandic00t Oh I didn't know that. Cheers mate.
  • 0
    @Bandic00t The exact number depends on what the admin set. Usually, there is a minimum password age as well to prevent exactly that.
  • 0
    @sbiewald yeah, I was quoting defaults, though they seldom get overridden. YMMV.
  • 0
    @sbiewald Oh yea, I know about that. I thought AD only remembers the last 8 passwords. Thanks for the clarification.
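The last few comments argue about what the history count and minimum password age actually are on a given domain. Rather than relying on remembered defaults, an admin (or a user with read access to the policy objects) can read the values that are enforced. The following is an added example, not code from anyone in the thread; it assumes the ActiveDirectory RSAT module is installed, that the machine can reach a domain controller, and that `jdoe` is a placeholder account name.

```powershell
# Added example (not from the original thread): show the password policy that
# actually applies to one account, including any fine-grained policy (PSO)
# that overrides the Default Domain Policy.
# Assumptions: ActiveDirectory module available, domain reachable, 'jdoe' is a placeholder.
Import-Module ActiveDirectory

$user = 'jdoe'   # placeholder sAMAccountName, replace with a real account

# Domain-wide defaults (what most people think of as "the AD policy")
$default = Get-ADDefaultDomainPasswordPolicy

# Fine-grained policies; the lowest Precedence wins when several apply
$psos = Get-ADFineGrainedPasswordPolicy -Filter * | Sort-Object Precedence
if ($psos) {
    "Fine-grained policies defined in this domain:"
    $psos | Select-Object Name, Precedence, PasswordHistoryCount,
                          MinPasswordAge, MaxPasswordAge, AppliesTo | Format-Table -AutoSize
}

# The resultant policy for this account is a PSO if one applies, otherwise $null
$resultant = Get-ADUserResultantPasswordPolicy -Identity $user
$effective = if ($resultant) { $resultant } else { $default }

[pscustomobject]@{
    User                 = $user
    Source               = if ($resultant) { "PSO: $($resultant.Name)" } else { 'Default Domain Policy' }
    MaxPasswordAgeDays   = $effective.MaxPasswordAge.TotalDays
    MinPasswordAgeDays   = $effective.MinPasswordAge.TotalDays
    PasswordHistoryCount = $effective.PasswordHistoryCount
    MinPasswordLength    = $effective.MinPasswordLength
    ComplexityEnabled    = $effective.ComplexityEnabled
} | Format-List

# The combination the thread is circling around: a history count with no minimum
# age can be cycled through in one sitting to get back to the original password.
if ($effective.PasswordHistoryCount -gt 0 -and $effective.MinPasswordAge -eq [TimeSpan]::Zero) {
    Write-Warning ("History of {0} passwords is enforced, but MinPasswordAge is 0, " +
                   "so the history can be cycled through immediately.") -f $effective.PasswordHistoryCount
}
```

Run it as a user who can read the domain's password settings container; ordinary users can usually read the default policy but not every PSO. Checking the resultant policy per account matters because a PSO applied to a group the user belongs to silently replaces the domain defaults, which is why two people in the same domain can see different history counts.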