• Dubious_Fart@lemmy.ml
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      1 year ago

      It was never best practices for anyone who had common sense.

      It just forced people to make insecure, easy to remember passwords, cause they were gonna be changed in again soon so why make it complicated and hard to remember.

        • pezhore@lemmy.ml
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Psh… That’s amateur, I just keep incrementing the number at the end ‘password1’, ‘password2’, etc. Gotta fool the password reuse counter!

      • poop@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        3
        ·
        1 year ago

        Encourages users to just add a rotating number or other not too secure thing to their password. I know that’s what I did when I worked somewhere with that dumbfuck policy.

        • fadedmaster@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          6
          ·
          1 year ago

          Yep. My least secure password is the one I use at work because I’m restricted to 9-12 characters, can’t be sequential forwards or backwards including keys next to each other (abc, 123, qwerty), can’t begin with a number, must contain at least three numbers, must be at least four characters different from your last twelve passwords, and must be changed every 90 days. Oh and it can’t include your first or last name.

          Most of my coworkers just use a family members name and then change a few numbers at the end and keep a post it note at their desk with the numbers so they don’t forget it.

      • vzq@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        6
        ·
        edit-2
        1 year ago

        NIST removed password expiration from their recommendations in 2020. Instead they recommend only forcing password changes when compromise is suspected.

        The main argument is that they do not make users or systems demonstrably safer and encourage bad password habits.