Can confirm when I found out I'd be required to regularly change my password the security of it went down significantly. At my current job when I was a new employee I generated a secure random password and spent a week memorizing it. 6 months later when I found out I was required to change it, I reverted to a variation of the password I used to use for everything years ago with some extra characters at the end that I'll be rotating with each forced change...
replyI do the same but write the number at the end of the password on the laptop in sharpie. I work from home so I've been thinking about making a usb stick that simulates a keyboard with a button to enter the password.
replyDangerous. You might accidentally press the button in a group chat.
replyThey would then have an excuse to get one of those mission control button covers.
replyWhy not make use of a password manager?
replyYou can’t open the password manager until your computer is unlocked.
replyYou can put the password manager on your phone or another device.
replyand now you’re violating a different policy.
replyI'm not pulling my phone out every time I have to unlock my computer at work. If IT wants my work account to be secure they should change their policies.
replyAs discussed here, the policy is from outside the org.
replyUnfortunately, lots of end users refuse to read the password policy and won't understand why their password reset interval is "random" or shorter than their colleague's.
reply