• bufordt@sh.itjust.works
    link
    fedilink
    arrow-up
    33
    ·
    1 year ago

    It’s similar in IT. Almost no one recommends regular password changes anymore, but we won’t pass our audit if we don’t require password changes every 90 days.

      • bufordt@sh.itjust.works
        link
        fedilink
        arrow-up
        10
        ·
        1 year ago

        When we first switched to JD Edwards, it still sent the passwords in plain text, and our Oracle partner set up our weblogic instances over http instead of https.

        I had to prove I could steal passwords as just a local admin on a workstation before they made encrypting the traffic a priority.

    • InfiniWheel@lemmy.one
      link
      fedilink
      arrow-up
      7
      ·
      1 year ago

      A very non-techy relative works in a company that requires password changes every month. At this point his passwords are just extremely easy to guess and basically go like 123aBc+ and variations of it.

      Yeah, no clue how that caught traction.

      • ddh@lemmy.sdf.org
        link
        fedilink
        arrow-up
        8
        ·
        edit-2
        1 year ago

        Our IT department won’t allow password managers. Their current stance on what we should do instead is “Uh, we’re working on it”. So everyone at work uses weak passwords and writes them down in notepad. headdesk

      • Corkyskog@sh.itjust.works
        link
        fedilink
        arrow-up
        4
        ·
        1 year ago

        I never understood why this caught on, you even see it recommended for personal applications… which is just stupid. The only reason it existed in the first place is because of concerns of shoulder lookers.