Okay if you use a password manager, don't you still have to remember your phone lockscreen and also computer passwords? How do you make this password thing as simple as possible?

edit-2 6 hours ago

Okay if you use a password manager, don't you still have to remember your phone lockscreen and also computer passwords? How do you make this password thing as simple as possible?

njordomir@lemmy.world · 5 hours ago

At a job I hated, they made us change passwords often. It was quite irritating. I also think it was counterproductive because something like fuckcorporate!666 is likely more susceptible to a dictionary attack than a carefully chosen password rotated less frequently.

Scott 🇨🇦🏴‍☠️@sh.itjust.works · 9 minutes ago

I bet half your co-workers have a post-it stuck to their monitor.

baggachipz@sh.itjust.works · 3 hours ago

At my job now, we have to change our password so often with such onerous requirements (16 char, alphanumeric, at least one upper case, at least one lower case, at least one symbol, no repeating characters) that I have to store my work password in my personal password manager with much more lax requirements. What the fuck kind of security is that?

woodytrombone@lemmy.dbzer0.com · 2 minutes ago

If you have any voice with your Security department, you can tell them that rotating passwords are counter to NIST SP 800-63B (Section 10.2.1) guidance:

Do not require that memorized secrets be changed arbitrarily (e.g., periodically) unless there is a user request or evidence of authenticator compromise.

MufinMcFlufin@lemmy.world · 3 hours ago

Security theater in action.

bluGill@fedia.io · 4 hours ago

Rotating passwords are less secure pecause people chorse a short password and then append an incrimenting number. Thus if it leaks for any reason the attacker knows them all.

If you only force rotation after a known breach (that you admit to) people choose a new - good - pasword. Make sure the source of the breach is fixed though or people will give up when it happens too often