this post was submitted on 21 Nov 2024
1450 points (97.7% liked)

memes

10454 readers
2536 users here now

Community rules

1. Be civilNo trolling, bigotry or other insulting / annoying behaviour

2. No politicsThis is non-politics community. For political memes please go to [email protected]

3. No recent repostsCheck for reposts when posting a meme, you can only repost after 1 month

4. No botsNo bots without the express approval of the mods or the admins

5. No Spam/AdsNo advertisements or spam. This is an instance rule and the only way to live.

Sister communities

founded 1 year ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 16 points 6 days ago* (last edited 6 days ago) (3 children)

I don’t blame anyone for forgetting their password—it’s a dumb system, having to memorize 100 separate 16-digit randomly generated base64 codes that change once a month. However, I do blame them for not using a password manager, and I do blame them for making their problems other people’s problems.

[–] [email protected] 6 points 6 days ago (1 children)

Ours isn't like that at all. They dont even have to change it every three months. The insecurity is crazy here and they still can't remember the same password they've had since before I started working here.

[–] [email protected] 10 points 6 days ago

Forcing password changes too frequently is actually a security risk, as it encourages bad practices like re-use, iteration, keyboard walks and writing the passwords down.

There are reasonable limits to impose on this, and educating users with demonstrations such as haveibeenpwned have been highly effective in my experience.

[–] [email protected] 2 points 6 days ago

I was against you until password manger. good save. I login to dozens of systems every day, I remember 2 passwords, all others are 16 character gibberish.

[–] [email protected] 1 points 6 days ago

However, I do blame them for not using a password manager

Managing the passwords in your password manager becomes a job in and of itself when you've got enough of them floating around. My office is on year two of trying to do automatic password rotation for the myriad of service accounts in our systems. Anything that's not Active Directory integrates is a headache. And even the ones that are have to constantly stay ahead of the Microsoft Updates curve or run into security problems of all sorts.

It would be cool if everything could be SSO, but you need to have a certain amount of faith in your OS to accomplish that.