I don't think mandatory new passwords every 30 days works. Here's why.
We have a password that won't save itself to IE that we use for the on-line recording of our hours at work. So I have to type it in each time. Fantastic! That means I'll memorize it.
There were restrictions for the password. You had to have capital and lower letters, a number, an odd character like #, $, %, ^, & and so forth and it had to be a certain length.
My password was "NATsemi@123". It fit all the requirements.
Now they're only good for 30 days thanks to the dipshit decision of some mert in IT several states away. Now, once a month, I have to change it to something completely new.
Well Christ! I couldn't just change it to "NATsemi@234" because that wasn't "unique enough." I'll let that howler ring clear and true for a moment. It wasn't unique "enough." It had to be completely different while still following the aforementioned laundry list of rules.
I'm not memorizing a new password every thirty days as wild as that, especially if forgetting it means I don't get paid. So I did what anyone reasonable would do -- I picked a new one and wrote it on my white board next to my computer. Anyone can now see that "LOVEcraft!890" is now my password.
So basically the moron who instituted this change-every-thirty-days policy got me to go from a password stored safely in my mind to one which is present on my whiteboard for anyone to use if suddenly they want to make me look like I put 80 hours in instead of 50.
Great work there.
Mandatory New Passwords
- Ice Cream Jonsey
- Posts: 30069
- Joined: Sat Apr 27, 2002 2:44 pm
- Location: Colorado
the dark and gritty...Ice Cream Jonsey!
-
- Posts: 604
- Joined: Wed May 01, 2002 10:54 am
- Location: Hiding in the workshop
Re: Mandatory New Passwords
Sounds like somebody who has been in this industry for a LONG time came up with this rule. Such things were necessary 20 years ago, when no kind of encryption was normally used to transmit passwords around. These days, quality encryption systems do exist that negate the need for regular password changes.
Ice Cream Jonsey wrote: I don't think mandatory new passwords every 30 days works. Here's why.
(snip)
So basically the moron who instituted this change-every-thirty-days policy got me to go from a password stored safely in my mind to one which is present on my whiteboard for anyone to use if suddenly they want to make me look like I put 80 hours in instead of 50.
- Ice Cream Jonsey
- Posts: 30069
- Joined: Sat Apr 27, 2002 2:44 pm
- Location: Colorado
Exactly. My little lock button is on my browser. No sensitive information is being strewn about here, at least on an individual level.
I would think, anyway. Maybe some hacker working for The Competition wants to know how much Joe Engineer makes so he can hire him away. Great! I think you have a better shot at getting into his system if his timecard info is on his whiteboard and not in his head.
It sort of scares me that nobody vetoed this policy. Either people are too stupid or too scared or too unable to stop it from taking hold. None of which are particularly thrilling.
the dark and gritty...Ice Cream Jonsey!
-
- Posts: 1578
- Joined: Wed May 01, 2002 9:42 pm
- Location: R.O.C.