Interesting, stopped seeing this a while back. Forced change after the inevitable hack though of course
Comment on Anon witnesses excellent security
AllHailTheSheep@sh.itjust.works 1 day ago
I hate sites that make me constantly change passwords. It’s been shown time and time again that making users change passwords often decreases security by a pretty large factor, and yet a lot of sites still do it.
brbposting@sh.itjust.works 1 day ago
Object@sh.itjust.works 1 day ago
Could be because OWASP now actively recommends against periodic password changes.
Ensure credential rotation when a password leak occurs, at the time of compromise identification or when authenticator technology changes. Avoid requiring periodic password changes; instead, encourage users to pick strong passwords and enable Multifactor Authentication Cheat Sheet (MFA). According to NIST guidelines, verifiers should not mandate arbitrary password changes (e.g., periodically).
MrsDoyle@sh.itjust.works 1 day ago
Our workplace did that. You had to change every month and you weren’t allowed to just add a digit. It meant that people started writing their passwords on post-its stuck to the monitor.
Mind you, back in the 90s your password was the same as your username. It was very handy, because if someone went home leaving a document locked, you could just log in and unlock it. Our first “proper” IT professional was horrified.