• 0 Posts
  • 4 Comments
Joined 1 year ago
cake
Cake day: June 20th, 2023

help-circle

  • FWIW: these types of password rules are discouraged by NIST -

    1. Eliminate Periodic Resets

    Many companies ask their users to reset their passwords every few months, thinking that any unauthorized person who obtained a user’s password will soon be locked out. However, frequent password changes can actually make security worse.

    It’s difficult enough to remember one good password a year. And since users often have numerous passwords to remember already, they often resort to changing their passwords in predictable patterns, such as adding a single character to the end of their last password or replacing a letter with a symbol that looks like it (such as $ instead of S).

    So if an attacker already knows a user’s previous password, it won’t be difficult to crack the new one. The NIST guidelines state that periodic password-change requirements should be removed for this reason.