this post was submitted on 27 Jul 2023
Memes
And despite security recommendations, too many IT depts still force password resets every 90 days...
And people confronted with this change their password from "p@55w0rd!1" to "p@55w0rd@2". Yep, extra-secure!
It could be for contractual or for insurance reasons. We have some contracts with government agencies that require it, and our cyberinsurance also does. Even though NIST has been recommending for years to do long passphrase + MFA and no reset unless you suspect compromise.
So yeah, the reason behind this might not be just plain incompetence.
Doesn't that just mean it's the government agencies and insurance that are incompetent?