Programmer Humor

32411 readers

530 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

Posts must be relevant to programming, programmers, or computer science.
No NSFW content.
Jokes must be in good taste. No hate speech, bigotry, etc.

founded 5 years ago

MODERATORS

[email protected]

993

"why would i change my passwords?" (pawb.social)

submitted 1 year ago by [email protected] to c/[email protected]

58 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 1 year ago (3 children)

Oh really? How come?

[–] [email protected] 9 points 1 year ago* (last edited 1 year ago)

NIST removed password expiration from their recommendations in 2020. Instead they recommend only forcing password changes when compromise is suspected.

The main argument is that they do not make users or systems demonstrably safer and encourage bad password habits.

[–] [email protected] 6 points 1 year ago

I would imagine most users change their password by only 1 character, and maybe even in sequential order.

When time comes to change the password, it becomes password1234 instead of password123. Or password234. Something easy to remember, most users don't care about best security practices, and changing to a similar password is very convenient. Especially if it's "only" for work stuff

[–] [email protected] 2 points 1 year ago

The original idea was that you would take how long it took to brute-force a password, then require the password be changed before that. But we have better hashing now, like bcrypt, where you can tune it so that brute forcing anything would take 100s of years.