this post was submitted on 20 Aug 2024
600 points (98.9% liked)

Cybersecurity - Memes

1989 readers
2 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
 

This practice is not recommended anymore, yet still found in many enterprises.

(page 2) 36 comments
sorted by: hot top controversial new old
[–] slazer2au@lemmy.world 3 points 3 months ago

Glad we are Passwordless. Now none knows me password.

[–] DeviantOvary@lemmy.world 3 points 3 months ago (5 children)

We have three month password expiry policy on AD accounts, but the requirements aren't extreme. We'd do away with it, but then we have our own CEO writing their password down on a piece of paper and giving it to us to troubleshoot their laptop (we have admin accounts for a reason ffs), after being repeatedly told not to, forcing employees to rotate their passwords suddenly doesn't sound too crazy. People are just way too irresponsible sometimes. Plus, we need to have it for certifications, so there's that.

load more comments (5 replies)
[–] Sibbo@sopuli.xyz 2 points 3 months ago (2 children)

Any source about why changing a password regularly is not recommended?

load more comments (2 replies)
[–] lugal@lemmy.ml 2 points 3 months ago

I've got this email today but I have some days left, I think

[–] AFC1886VCC@reddthat.com 2 points 3 months ago

!=bfVzh5k&nbsA|+|ZuFc=k25D5zUQ*34QDjK gang

[–] yogurtwrong@lemmy.world 2 points 3 months ago

TOTP and KeePassXC is a blessing

I wish every system ever supported TOTP

[–] Etterra@lemmy.world 1 points 3 months ago (1 children)

Yeah, but I'm more used to them saying "occasional overtime" when they mean "5-10 hours mandatory overtime, unless it's actually busy, because we refuse to hire enough people to fill all the open positions." Because there's nothing smarter than giving all your sales staff enormous bonuses while the grunts on the floor are over 6 months behind for lack of adequate staffing.

[–] zewm@lemmy.world 1 points 3 months ago

Did you reply to the wrong post?

[–] itsgroundhogdayagain@lemmy.ml 1 points 3 months ago

My work password is my weakest password. It's still pretty good though.

[–] boredsquirrel@slrpnk.net -3 points 3 months ago* (last edited 3 months ago) (7 children)

Max. 16 characters

(Still remember: if they have a password length limit, they store the password in plain text! If they do that in the backend. They can do that in the frontend too, in the browser with javascript, which is safe.)

[–] dQw4w9WgXcQ@lemm.ee 1 points 3 months ago (1 children)

Why would you say that? Services are able to require special characters, variable casing and numbers. Why would the reqirement of max length of the password cause the storage to succumb to plain text?

[–] boredsquirrel@slrpnk.net 1 points 3 months ago

This simply depends on if they do that in the browser with Javascript (good) or on the backend.

So yes, the statement that I copied from someone else is not always true.

load more comments (6 replies)
load more comments
view more: ‹ prev next ›