this post was submitted on 20 Aug 2024
591 points (98.8% liked)

Cybersecurity - Memes

1975 readers
2 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
 

This practice is not recommended anymore, yet still found in many enterprises.

you are viewing a single comment's thread
view the rest of the comments
[–] esc27@lemmy.world 6 points 3 months ago (9 children)

Never is too long. Monthly is way to short. I like the idea of doing it yearly in conjunction with other it security awareness and training campaigns.

[–] RecluseRamble@lemmy.dbzer0.com 10 points 3 months ago* (last edited 3 months ago) (3 children)

Never is too long.

Why? Frequent password changes have been shown to result in weaker passwords. What's wrong with keeping a strong one indefinitely? I mean an actual strong one not one character more than what's currently bruteforceable.

[–] CompN12@lemmy.frozeninferno.xyz -1 points 3 months ago (1 children)

Forever is vulnerable to phishing attacks, same reason why monthly is getting discouraged. Monthly is weaker because the average person does slight variation, which attackers LOVE.

[–] RecluseRamble@lemmy.dbzer0.com 3 points 3 months ago

Frequent password changes don't protect against phishing.

And while a high frequency like monthly changes will probably result in even weaker passwords, also yearly changes will make people choose weak passwords.

load more comments (1 replies)
load more comments (6 replies)