• Quick note - the problem with Youtube videos not embedding on the forum appears to have been fixed, thanks to ZiprHead. If you do still see problems let me know.

How often do you change passwords?

TragicMonkey said:
My workplace requires us to change passwords every 90 days. That wouldn't be a problem in itself, but unfortunately the various applications and systems that are supposed to sync up with password changes...don't. Sometimes I go weeks with two passwords and having to try both with everything.
Click to expand...
Do we work at the same company?
 
Changing passwords regularly just makes sense. You don't often know when your system gets breached till much later, and your passwords have been 'out there' for a while already. A regular changing makes the breach obsolete unless they acted fast on you personally and took over your account.

I have an elderly/un-computer savvy customer that uses a yahoo account to contact me. She has some kind of password like 'password', and her account is regularly nabbed and some ridiculous spam sent out on mass mailings. She then changes her password to 'pa$$word' and we go through the same thing again in a few months. She doesn't have her banking online or they would have likely cleaned her out years ago,
 
Thermal said:
Changing passwords regularly just makes sense. You don't often know when your system gets breached till much later, and your passwords have been 'out there' for a while already. A regular changing makes the breach obsolete unless they acted fast on you personally and took over your account.

I have an elderly/un-computer savvy customer that uses a yahoo account to contact me. She has some kind of password like 'password', and her account is regularly nabbed and some ridiculous spam sent out on mass mailings. She then changes her password to 'pa$$word' and we go through the same thing again in a few months. She doesn't have her banking online or they would have likely cleaned her out years ago,
Click to expand...

As an I.T. guy, I respectfully disagree. In your description it makes sense, but the peripherals of repeatedly changing your password is what causes problems.

Most passwords are stolen because the user outright gives them to the person who is doing the harvesting vs. a hacker acquiring an encrypted database from an intrusion would take months, years, maybe longer to break through that encryption, depending on how it was encrypted. Asking your computer-stupid customer for their password because their "nephew is in jail" takes about 10 minutes and allows one to avoid thousands and thousands of dollars required for the processing power to break encryption on a database. It's always easier to hack the person rather than the tech.

Force people to constantly change their password generally results in people writing their new passwords down, putting them in a notepad style app on their phone, or just getting frustrated at having to change them so much that they make them as easy as possible.

The best way to protect yourself is get a good, secure password, use a solid password vault (like bitwarden), and make sure 2FA is turned on at every. single. opportunity. 2FA will protect you millions and millions times more than changing your password. I don't care what you change it to.
 
Last edited:
plague311 said:
As an I.T. guy, I respectfully disagree. In your description it makes sense, but the peripherals of repeatedly changing your password is what causes problems.

Most passwords are stolen because the user outright gives them to the person who is doing the harvesting vs. a hacker acquiring an encrypted database from an intrusion would take months, years, maybe longer to break through that encryption, depending on how it was encrypted. Asking your computer-stupid customer for their password because their "nephew is in jail" takes about 10 minutes and allows one to avoid thousands and thousands of dollars required for the processing power to break encryption on a database. It's always easier to hack the person rather than the tech.

Force people to constantly change their password generally results in people writing their new passwords down, putting them in a notepad style app on their phone, or just getting frustrated at having to change them so much that they make them as easy as possible.

The best way to protect yourself is get a good, secure password, use a solid password vault (like bitwarden), and make sure 2FA is turned on at every. single. opportunity. 2FA will protect you millions and millions times more than changing your password. I don't care what you change it to.
Click to expand...
Where I had my first job was a classic case in point. Complex rules for composition, no number in the same location as the previous x passwords. No letter being the same as the previous x passwords. Alphanumeric and changing every 3 months.

Also one account in the drawing office and multiple people needing access.

Yes, you looked for the post it note under George's phone.
 
plague311 said:
As an I.T. guy, I respectfully disagree. In your description it makes sense, but the peripherals of repeatedly changing your password is what causes problems.

Most passwords are stolen because the user outright gives them to the person who is doing the harvesting vs. a hacker acquiring an encrypted database from an intrusion would take months, years, maybe longer to break through that encryption, depending on how it was encrypted. Asking your computer-stupid customer for their password because their "nephew is in jail" takes about 10 minutes and allows one to avoid thousands and thousands of dollars required for the processing power to break encryption on a database. It's always easier to hack the person rather than the tech.

Force people to constantly change their password generally results in people writing their new passwords down, putting them in a notepad style app on their phone, or just getting frustrated at having to change them so much that they make them as easy as possible.

The best way to protect yourself is get a good, secure password, use a solid password vault (like bitwarden), and make sure 2FA is turned on at every. single. opportunity. 2FA will protect you millions and millions times more than changing your password. I don't care what you change it to.
Click to expand...
Good point about two step verification. I use that for banking and all, but for mundanities like email and Amazon one-click buying, I'm overly exposed.

Email in particular I should be more on guard about. Anytime you click on 'forgot password', a new one is straight to email and you're in.
 
TragicMonkey said:
My workplace requires us to change passwords every 90 days. That wouldn't be a problem in itself, but unfortunately the various applications and systems that are supposed to sync up with password changes...don't. Sometimes I go weeks with two passwords and having to try both with everything.
Click to expand...

May I call your attention to software called "Secret Server" and "Password Manager".

My former employer invested in that, and it automatically managed my passwords for me, across a plethora of servers, environments, domains, etc.

(Something like 100 passwords, many with different rulesets and frequency of update because of various server operating systems.)

The only password I needed, was a single domain password, that allowed me to log in to Secret Server.

Secret Server | Powerful PAM in the Cloud or On-Premises

Protect privileged accounts with Delinea Secret Server. Easy-to-use, full-featured privileged access management. Cloud and on-premises.
delinea.com delinea.com
 
I'm sure I've shared this before but it keeps happening: I'll set up a good password for some account of my mom's, I'll write it down in her little book of passwords I got her, then even when she's got the book in front of her she'll enter it wrong. I tried using conventions: always starting with a three digit number, always ending in an exclamation mark...but then she'd assume the exclamation mark was just written down for emphasis and not part of the password itself. And she cannot grasp that capitalization always matters in passwords and never matters in email addresses. And more often than not she has multiple scraps of paper and index cards with passwords as well as the little book, and none of them dated so you don't know which is the current one. Or she'll write the password down absolutely correctly...but not what it's the password to.

It's easier to reset her password than to divine what the current one is. Which means fun with her phone for authentication....her phone's passcode isn't her anniversary, but the date she met my father. Great password there because it's something that's written down nowhere on earth. Information only existing in her own head. I have no idea when she met my dad, they dated for at least a couple of years before they got married!
 
TragicMonkey said:
I'm sure I've shared this before but it keeps happening: I'll set up a good password for some account of my mom's, I'll write it down in her little book of passwords I got her, then even when she's got the book in front of her she'll enter it wrong. I tried using conventions: always starting with a three digit number, always ending in an exclamation mark...but then she'd assume the exclamation mark was just written down for emphasis and not part of the password itself. And she cannot grasp that capitalization always matters in passwords and never matters in email addresses. And more often than not she has multiple scraps of paper and index cards with passwords as well as the little book, and none of them dated so you don't know which is the current one. Or she'll write the password down absolutely correctly...but not what it's the password to.

It's easier to reset her password than to divine what the current one is. Which means fun with her phone for authentication....her phone's passcode isn't her anniversary, but the date she met my father. Great password there because it's something that's written down nowhere on earth. Information only existing in her own head. I have no idea when she met my dad, they dated for at least a couple of years before they got married!
Click to expand...
Could you recommend a password manager like Dashlane to her? Then in theory she only needs to remember one password.
 
Safe-Keeper said:
Pretty rarely, I figure that with all the keys on my keyboard, 1234 must be pretty hard to guess.
Click to expand...
Were it that simple anymore. To create an account to log in and, say, pay my water bill, there is a cryptic chain of requirements that would make Ethan Hunt furrow his brow. In addition to the usual stuff (at least one capital letter, one specialty character, one number, etc), you can't start or end with a number, must incorporate three unique hieroglyphics, and every three months the bastards suddenly demand you make a new password, using none of the characters mankind has ever used before since we crawled out of the oceans.
 
Safe-Keeper said:
Could you recommend a password manager like Dashlane to her? Then in theory she only needs to remember one password.
Click to expand...
I do know of one guy who apparently got overseen entering that password manager password (or somehow hacked), because someone got ahold of it and wreaked holy hell.
 
Thermal said:
Since you brought this to my attention, I've been adding my cel to accounts that I had been neglecting for quicker access. Good advice man, thanks. We all need a prompt for doing the smart thing sometimes.
Click to expand...

Absolutely, any time. One reminder too though is whenever you get a new phone to make sure you transfer your authenticator over because it sucks donkey wang to set them all up again!
 
plague311 said:
Absolutely, any time. One reminder too though is whenever you get a new phone to make sure you transfer your authenticator over because it sucks donkey wang to set them all up again!
Click to expand...
Oooooo, thanks for that. Didn't even occur to me. I run through phones a lot (breaking on jobs) and I do recall the endless re-establishing. Didn't even realize I could transfer the authenticator
 
I constantly switch my passwords back and forth between "password" and "12345." There's no way the hackers could ever keep up.
 
You must log in or register to reply here.

Back
Top Bottom