• A_Random_Idiot@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    edit-2
    2 months ago

    I never understood the purpose of this.

    Unless you are REAL stupid levels of lucky to have one of the mandatory password changes the day after a compromise that you werent aware of, all mandatory regular password changes do is make people use less secure passwords.

      • cashew@lemmy.world
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        2 months ago

        “Security theatre” is what I’ve named the contact in my work phone for the call center I have to call every time I accidentally use the “one time password” more than once (because god forbid they implement proper SSO, meaning I have to do a shotgun login run every morning). When I call them all I tell them is my name and that my account is locked.They click a button and we’re back. Complete waste of time on everyone’s part.

    • mcx808@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      2 months ago

      Once upon a time it was a recommended best practice both by NIST and Microsoft if I recall. Both deprecated that practice years ago but most a lot of institutional inertia keeps it going, plus industry standards based on that time that don’t update as often perpetuate the problem.