Password Rotation
2021-11-29 05:06:15.364072+01 by Dan Lyke 2 comments
I dunno who needs to hear this, but: NIST👊Special👊Publication👊800👊dash👊6👊3👊B👊has👊 recommended👊against👊enforcing👊password👊rotation👊since👊2016
2021-11-29 05:06:15.364072+01 by Dan Lyke 2 comments
I dunno who needs to hear this, but: NIST👊Special👊Publication👊800👊dash👊6👊3👊B👊has👊 recommended👊against👊enforcing👊password👊rotation👊since👊2016
comments in ascending chronological order (reverse):
#Comment Re: Password Rotation made: 2021-11-29 08:50:55.831405+01 by: spc476
I brought this up to our Corporate Overlord Chief Security Officer and it went nowhere, because we've always rotated our passwords. I'm not expecting it to change any time this decade.
#Comment Re: Password Rotation made: 2021-11-29 20:54:27.4564+01 by: Dan Lyke
Sigh. I'm reminded of this every time Facebook gives me an ominous "your account was accessed by an unrecognized user, you need to change your password!", and I do a minor change, and it turns out that the "unrecognized user" was that the automated spam reporting system thought that the picture of my cat shared into the "Floof Therapy" group was spam, or something.
Anyway, if someone's had my (on the order of 32 character) randomly generated password in the past few years, they can probably figure out how to permute that to the current incarnation because I'm sick of trying to wait for Firefox password sync to get to all of my devices, so my pattern is predictable.