IT/Computer saaaaaavy people...

[Sue]

aaaaaaaand.....


My office software updated and now I have to change the password what appears to be every 30ish days. (maybe it's been longer, can't be more than two months)

Now when I log in a pop up appears and says "your password will expire in 15 days..." and each day thereafter there is a count down. Every time I log out/log in, every day So basically I have to change it all the time.


/end of stupid useless rant.

[apeters89]

I've argued many times that overzealous password policies are the #1 security risk within large companies.

[Dieselmh]

Quote:

Originally Posted by apeters89

I've argued many times that overzealous password policies are the #1 security risk within large companies.

It's a double edged sword. Don't make the users change them and pretty soon everyone knows everyone's password because they had to log in to help them out or something like that. Make them change them too often and they write them down, usually in plain sight or very poorly hidden.

[Bluetick]

I've got people working here, if it's more than a 5 letter word they can't remember it. Throw in anything else and their out for the count.

The old line of use a song or phrase and use the first letters of the words and toss in numbers and symbols.

mgtlls* my god they look like stars

Phone call I once had went something like this.

What's my password to blank blank site?

I don't know but I know they send the new password in an email when you set a new one. Just look in your email.

OK what's the password to my email account? I forgot it too.

[atvobsession]

I'm a security specialist for PeopleSoft....you have to balance password change forces and none at all. None at all is NOT a good security strategy, changing every 30 days is too aggressive.

I have my top secret clearance and have worked at DoD and DoS....passwords there are 13 characters, must have mixed case, 2 numbers and 2 special characters, and NO WORDS IN THE DICTIONARY are allowed. Passwords there last a reasonable, 90 days.

Yes..it's a pain...but you just manage it.


And yes...HIPPA compliance in the 90's caused your forced password changes and SSN removal.


RULE #1 in the password change business for end users...NEVER....change your password on a Friday! Wait till Monday, so you have all week to use it before you kill more braincells over the weekend.

[Sue]

GAH!

I have had to change a few since I last posted in this, but this time I got "that's too close to your old password" or some crap and had to think of something completely new. There's got to be a better way.

[Dieselmh]

Think of a song you like. Now take a line out of that song, something like

The itsy bitsy spider went up the water spout.

Now just use the first letters of the words and change the "I"s to "1"s and you get:

t1bswutws

easy enough to remember and meets the requirements of most places.

[Sue]

Quote:

Originally Posted by Dieselmh

Think of a song you like. Now take a line out of that song, something like

The itsy bitsy spider went up the water spout.

Now just use the first letters of the words and change the "I"s to "1"s and you get:

t1bswutws

easy enough to remember and meets the requirements of most places.

That's a good idea. I wished they all changed at the same time so I could have them be the same passwords. I was just adding on one different symbol on the end each time, but now it's saying it's too close to the old ones


EDIT: and you're such a dad itsy bitsy spider. LOLz

[87manche]

Quote:

Originally Posted by Sue

That's a good idea. I wished they all changed at the same time so I could have them be the same passwords. I was just adding on one different symbol on the end each time, but now it's saying it's too close to the old ones


EDIT: and you're such a dad itsy bitsy spider. LOLz

please don't use the same password for everything.

because once one account is compromised they all would be.

[Sue]

Quote:

Originally Posted by 87manche

please don't use the same password for everything.

because once one account is compromised they all would be.

I don't, but they are all kind of variations of each other. I suppose that's bad too? They're completely random, nothing simple or guessable

[87manche]

Quote:

Originally Posted by Sue

I don't, but they are all kind of variations of each other. I suppose that's bad too? They're completely random, nothing simple or guessable

variations are OK, as long as it's not all the same dictionary word with a different letter capitalized though.

I know people tha tuse the same password for facebook as they do online banking

and then they wonder how their checking account got raided and money gone.

That's not to say that I'm not guilty of that. I use the same password for not critical stuff like forum logins., but email, banking and anything that can be used to do real damage to your life or business should all have unique passwords.

[Sue]

Quote:

Originally Posted by 87manche

variations are OK, as long as it's not all the same dictionary word with a different letter capitalized though.

I know people tha tuse the same password for facebook as they do online banking

and then they wonder how their checking account got raided and money gone.

That's not to say that I'm not guilty of that. I use the same password for not critical stuff like forum logins., but email, banking and anything that can be used to do real damage to your life or business should all have unique passwords.

Ooof. Yeah, important stuff is way different than social site.

[Dieselmh]

Thread bump! I stumbled upon this site today, and thought it might be a pretty good solution for people who have to change their passwords regularly and want a "secure" way to keep them written down. If you can remember a symbol and a color, you can remember your password.

http://www.passwordcard.org/en

[COXJ94]

if you dodge a wrench, you can dodge a ball

[Sue]

Quote:

Originally Posted by Dieselmh

Thread bump! I stumbled upon this site today, and thought it might be a pretty good solution for people who have to change their passwords regularly and want a "secure" way to keep them written down. If you can remember a symbol and a color, you can remember your password.

http://www.passwordcard.org/en

Interesting, thanks. I might actually use that.



I almost bumped this the other day when two websites needed updated password had two different requirements (one couldn't use symbols, the other required a number and symbol, etc...)