You are right, to a point. I think two things: make passwords at least 16 chars long and change passwords maybe once a year.
Government can give you nothing but what it takes from somebody else. A government big enough to give you everything you want is big enough to take everything you've got, including your freedom.-Ezra Taft Benson
You must accept 1 of 2 basic premises: Either we are alone in the universe or we are not alone. Either way, the implications are staggering!-Wernher von Braun
I just looked at this a few days ago. My employer makes us change it every 42 days and remembers the last 26 passwords! I suggested to the devops guy that we change it. He inherited it and is open to change. I found two links in reference to the PCI guidelines (as we need to be PCI compliant) that state that they can go as old as 90 days. So that is my suggestion. I also suggested that it doesn't remember 26 old passwords. We'll see if updates happen, but I feel your pain!
Based on quick math, I'm about 40 passwords in at this job.
Ask the client's IT dept to change your email to a forwarder to another email address on a sane system.
Best is your own domain if you have one - if they moan about security you can honestly say you 100% control access.
Myself I registered a domain and pay the annual fees (domain, hosting) and it's only used for my own email (too lazy to do a page so website forever says "under construction.") For a few dollars a month handy coz I can add as many email addresses as I like (including temp for 1 time registration then remove to avoid spam), manage spam filters and even for testing apps that send emails.
Signature ready for installation. Please Reboot now.
They are. But you can always find out how many passwords they look back and compare and change it back. Write a PowerShell script that does it. Say that they only checked the last five. So change it six times and then back to the original. Set it to run at the first of the month. Good to go.
To err is human to really mess up you need a computer
If the policy is too strict, then people just write it on a piece of paper and stick it on their monitors. And they usually just substitute one character when they are forced to change it every 8 weeks.
Password management is more complicated than that - and it inevitably suffers from being distilled down to what the end user can understand.
Password length is usually set to a period and length that exceeds the time a given computer can brute force the password. In other words - if a reasonable adversary can crack the password on a fast PC in 30 days, then either the password needs to be longer, or you need to change it sooner. Of course - explaining this to people can be complicated - and enforcing complex rules for passwords like, if it's 8 characters it needs to be changed every 10 days, and if it's 9 characters then every 30 are also not possible on most systems.
So people try to generalize.
If you explain to them for example that you have 15 character passwords, and cracking them brute force is just not practical - you have processes to change them when key people who know the password leave, (or if the crypto were to be broken), then perhaps you could have your approach risk accepted. In practice this will probably save you a lot of effort - and you will end up with better passwords as well.
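The trade-off between password length and rotation interval described in the post above can be put into numbers. The following is an added example, not part of the original thread: the guess rate of 10^10 per second is an assumed figure for an offline attack, passwords are assumed to be uniformly random, and the function names are hypothetical.

```python
SECONDS_PER_DAY = 86_400

# Assumed offline guess rate; the real figure depends on the hash and hardware.
ASSUMED_GUESSES_PER_SEC = 10**10


def safe_rotation_days(length, alphabet, guesses_per_sec):
    """Whole days before an attacker has searched half the keyspace
    (the average-case crack time) for random passwords of `length`."""
    keyspace = alphabet ** length
    return keyspace // (2 * guesses_per_sec * SECONDS_PER_DAY)


def min_length(alphabet, guesses_per_sec, rotation_days):
    """Shortest length whose average-case crack time is at least
    `rotation_days`. Integer arithmetic keeps the comparison exact."""
    needed = 2 * guesses_per_sec * SECONDS_PER_DAY * rotation_days
    length, keyspace = 0, 1
    while keyspace < needed:
        keyspace *= alphabet
        length += 1
    return length


if __name__ == "__main__":
    rate = ASSUMED_GUESSES_PER_SEC
    # Rotation periods mentioned in the thread: 42 days, 90 days, one year.
    for days in (42, 90, 365):
        print(f"rotate every {days:>3} d: "
              f"printable ASCII needs {min_length(95, rate, days)} chars, "
              f"lowercase only needs {min_length(26, rate, days)} chars")
    # The other direction: how long a given length stays ahead of the search.
    for length in (8, 12, 15, 16):
        days = safe_rotation_days(length, 95, rate)
        print(f"{length:>2} printable chars: average crack time ~{days:,} days")
```

Under these assumptions an 8-character password is outpaced within days, while at 15 or 16 characters the rotation interval no longer matters for brute force, which is the argument the post makes for risk-accepting long passwords. Human-chosen passwords fall to dictionary attacks far sooner than these keyspace figures suggest.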
So yesterday, we had a small function at the workplace which was celebrating a successful product launch and the completion of 5/10 years by a few employees, etc. The main idea was an informal meeting of colleagues and good food. The invitation said "Business Casual".
Well, when I arrived at the venue, I was one of the 3 guys who were in business casual: khaki pants, long-sleeve shirt or along similar lines. The rest of the people were in suits and 100% formal.
So my question: is business casual too much fuss? Or is a formal suit also considered business casual?
Too much of good is bad, mix some evil in it