this post was submitted on 27 Sep 2024
900 points (99.0% liked)

Programmer Humor

32716 readers
649 users here now

Post funny things about programming here! (Or just rant about your favourite programming language.)

Rules:

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 97 points 2 months ago (1 children)

Current IT best practice is that passwords should never expire on a set schedule, but they should expire if there is evidence they've been breached.

[โ€“] [email protected] 19 points 2 months ago

Legit, my old job required a 90-day change, and I once logged into a system I could do monetary damage on with ease, because I took a guess at my manager's password based on how long it had been since he told it to me during an emergency.

He did what every single person I spoke to did. "password 01" changed to "password 02" and I just tried twice, and sure enough he had changed it three times since he had told me.

While I wouldn't be ruining the company as a whole, I could have easily fucked over the individual location because scheduled password changes just ensure people use predictable passwords.