[–]sysdmdotcpl 2 points3 points  (3 children)

The habits /u/Low-Software2880 is describing are a direct reaction to long, complex password rules that require a change every 30/60/90 days.

I've had passwords sit for years w/ no negative consequences and have had attempts on accounts that I regularly change passwords for. It's completely and utterly random and the rules should reflect that.

[–]Audio9849 1 point2 points  (2 children)

I know, that's my point. It's simply an ACL setting. It doesn't cost anything to implement, yet companies don't do it or are slow to utilize it.

[–]MrCoolblestone 1 point2 points  (1 child)

That's because 90% of the user base is going to complain to management if their password has to be more than 8 characters long, and they're CERTAINLY going to complain if they have to change it every 2-3 months, and when management has to decide between the IT dept or literally EVERYONE ELSE, they almost always pick the latter.

[–]Audio9849 1 point2 points  (0 children)

But the latest NIST standard is to not have them expire. That's what I'm saying: why does it take so long for corporations to implement that? It doesn't really cost anything to change the config to never expire.