this post was submitted on 20 Aug 2024
600 points (98.9% liked)

Cybersecurity - Memes

1935 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
Sam1232188@lemmy.world
neurohost@lemmy.world
Alphadef@programming.dev
CannaVet@lemmy.world
600
Your password has expired (feddit.org)
submitted 1 month ago* (last edited 1 month ago) by cron@feddit.org to c/cybersecuritymemes@lemmy.world
86 comments fedilink hide all child comments
 

This practice is not recommended anymore, yet still found in many enterprises.

you are viewing a single comment's thread
view the rest of the comments
[–] cron@feddit.org 21 points 1 month ago

The most prominent source is NIST, which states:

Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator. (source)

I found an explanation on a different site:

It’s difficult enough to remember one good password a year. And since users often have numerous passwords to remember already, they often resort to changing their passwords in predictable patterns, such as adding a single character to the end of their last password or replacing a letter with a symbol that looks like it (such as $ instead of S).