
[–] count_fagula 0 points 21 points (+21|-0) ago 

You change it every 30 days

This is a complete and utter bollocks security policy. What's more secure, a series of Password1!, Password2! derivatives or a tough fucker like Chek2frecAl+ that you choose ONCE? At least NIST agrees with me now

BTW, the password above was generated by apg on Linux, probably there are Windows apps for pronounceable-password generation too. Can't be arsed to look for them at the moment though.

[–] [deleted] 0 points 6 points (+6|-0) ago 

[Deleted]

[–] TheTrigger 0 points 5 points (+5|-0) ago 

This method is the tops. My password, on a paranoia-level virtual machine, used to be an entire paragraph (punctuation and all) excerpt from a book that I liked. Let's just say that password character limits piss me off.

[–] ninjai 0 points 3 points (+3|-0) ago 

This guy is right. Also there's a good xkcd comic on this.

Https://xkcd.com/936

[–] SaveTheChildren 0 points 1 points (+1|-0) ago  (edited ago)

I've used the same password my whole life and never had issues. It's similar to what you describe. Take something easy to remember and then change it up a little.

[–] djdevin 0 points 0 points (+0|-0) ago 

how about just 2FA?

I have shitty passwords because not even I can get into my account without my phone/fob/whatever

[–] L_Etranger 0 points 2 points (+2|-0) ago 

Until the plain text DB gets compromised. But that's more a reason to not reuse passwords.

[–] ThatsThat 0 points 1 points (+1|-0) ago 

That's why it is best practice to not store the passwords, but salted hashes of them.

[–] jakedp 0 points 1 points (+1|-0) ago 

"For quick background, The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the U.S. Department of Commerce."

I think I will change it once a month with apg and then put it in a text file encrypted with GPG, thank you. ;-)

[–] BobBelcher 0 points 1 points (+1|-0) ago  (edited ago)

This is a complete and utter bollocks security policy

Not only that, but one system I had to use remembered the last five passwords and wouldn't let you reuse one. The password also had to be a min of 16 chars with at least 2 lowercase, 2 uppercase, 2 special chars, and 2 numbers. But it wasn't a 30 day change, I think it was 60 or 90 days. I used keyboard patterns, and then reversed them, then started using my name with extra padding, then reversed that.