898
I live in a constant state of fear and misery
(lemmy.world)
Post funny things about programming here! (Or just rant about your favourite programming language.)
Current IT best practice is that passwords should never expire on a set schedule, but they should expire if there is evidence they've been breached.
Legit, my old job required a 90-day change, and I once logged into a system I could do monetary damage on with ease, because I took a guess at my manager's password based on how long it had been since he told it to me during an emergency.
He did what every single person I spoke to did. "password 01" changed to "password 02" and I just tried twice, and sure enough he had changed it three times since he had told me.
While I wouldn't be ruining the company as a whole, I could have easily fucked over the individual location because scheduled password changes just ensure people use predictable passwords.