[–] GoogleHatesVoat 2 points 38 points (+40|-2) ago 

Sounds like military level security. You change it every 30 days and you don't write it down anywhere. Even civilians have to follow the protocol when on DoD systems. Hillary would have never survived as a normal citizen soldier, she would have ended up doing push ups until she puked to use secure systems properly. That or sent off to federal prison. Following the rules is just not her style, she's a thug after all.


[–] count_fagula 0 points 21 points (+21|-0) ago 

> You change it every 30 days

This is a complete and utter bollocks security policy. What's more secure, a series of Password1!, Password2! derivatives or a tough fucker like Chek2frecAl+ that you choose ONCE? At least NIST agrees with me now.

BTW, the password above was generated by apg on Linux, probably there are Windows apps for pronounceable-password generation too. Can't be arsed to look for them at the moment though.

[–] [deleted] 0 points 6 points (+6|-0) ago 



[–] L_Etranger 0 points 2 points (+2|-0) ago 

Until the plain text DB gets compromised. But that's more a reason to not reuse passwords.


[–] jakedp 0 points 1 points (+1|-0) ago 

"For quick background, The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce."

I think I will change it once a month with apg and then put it in a text file encrypted with GPG, thank you. ;-)


[–] BobBelcher 0 points 1 points (+1|-0) ago  (edited ago)

> This is a complete and utter bollocks security policy

Not only that, but one system I had to use remembered the last five passwords and wouldn't let you reuse one. The password also had to be a min of 16 chars with at least 2 lowercase, 2 uppercase, 2 special chars, and 2 numbers. But it wasn't a 30 day change, I think it was 60 or 90 days. I used keyboard patterns, and then reversed them, then started using my name with extra padding, then reversed that.


[–] AnechoicMedia 0 points 8 points (+8|-0) ago 

> You change it every 30 days and you don't write it down anywhere.

Thankfully, NIST no longer recommends mandatory password changes as best practice, because time isn't the enemy of passwords and people fall back to using crap stub passwords that they iterate on.


[–] variable 0 points 6 points (+6|-0) ago 

There were some depositions of IT from her tenure as secretary of state that described how they tried to get her a computer in her office, but they couldn't make it meet her needs because she couldn't remember passwords or use her email through the secure system. They ended up giving her an entire area on the floor so that she could use her coveted blackberries to access her emails in the non-secure area. Just completely bananas.


[–] AssaultMonkey 0 points 3 points (+3|-0) ago 

However, to reset your password for a US military system (at least in my day) all you needed was your birthdate, maybe your SSN, and your name. I never bothered to remember any passwords because resetting them was just as easy.


[–] squataclops 0 points 0 points (+0|-0) ago 

Hah I remember doing exactly that pretty much every time I had to log in for anything AKO related. I was an infantry medic though so luckily didn't have to do much on computers.