• A_Random_Idiot@lemmy.world
    link
    fedilink
    English
    arrow-up
    14
    ·
    edit-2
    2 months ago

    I never understood the purpose of this.

    Unless you are REAL stupid levels of lucky to have one of the mandatory password changes the day after a compromise that you werent aware of, all mandatory regular password changes do is make people use less secure passwords.

      • cashew@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        edit-2
        2 months ago

        “Security theatre” is what I’ve named the contact in my work phone for the call center I have to call every time I accidentally use the “one time password” more than once (because god forbid they implement proper SSO, meaning I have to do a shotgun login run every morning). When I call them all I tell them is my name and that my account is locked.They click a button and we’re back. Complete waste of time on everyone’s part.

    • treadful@lemmy.zip
      link
      fedilink
      English
      arrow-up
      2
      ·
      2 months ago

      Technically it reduces the window for a successful brute force.

      That said, it comes with serious drawbacks. Mainly making them impossible to memorize, so then users end up just writing them on post-its and putting them on their monitor. Or other equally dumb things.

    • mcx808@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      Once upon a time it was a recommended best practice both by NIST and Microsoft if I recall. Both deprecated that practice years ago but most a lot of institutional inertia keeps it going, plus industry standards based on that time that don’t update as often perpetuate the problem.