LogFAQs > #963842030

LurkerFAQs, Active DB, DB1, DB2, DB3, DB4, DB5, DB6, DB7, DB8, DB9, Database 10 ( 02.17.2022-12-01-2022 ), DB11, DB12, Clear

Topic List	Page List: 1
Topic	FML, My company is now requiring all passwords be EIGHTEEN DAMN CHARACTERS LONG
Karovorak 03/29/22 3:07:17 AM #23:	Just to explain why some security guys think this is usefull: The biggest threat is always using the same password. You used your mail and password for cheapsite.com and cheapsite.com got hacked and didn't secure the password as it should? good job, your combination of mail + password is now totally insecure, no matter how strong the password was. Happend to me too, using my spam mail (for sites I don't give a f) and most used password (for sites I don't give a f) on a site, and it got hacked. Years later, I created a Ubisoft account because I needed one for some game and... It got hacked in under 2 hours. Because the mail+password in clear text was leaked and part of some hacker database, automatically attacking everything 24/7. So, IT security wants to make sure that people don't use their company passwords multiple times in private use. Sadly, the approach is always long passwords and changing it every time. That ensures that you will never use this password privatly. But the result is usually pretty lazy passwords, or passwords writen down next to the desk, INCREASING the risks. In my old company, we had to change the password every month. I swear, I'm sure you could hack 10% of all employees with trying "January2022" or similar passwords. <cite>Karovorak posted [p:963842030] in FML, My co... [t:79962839]...</cite> <quote>Just to explain why some security guys think this is usefull: The biggest threat is always using the same password. You used your mail and password for cheapsite.com and cheapsite.com got hacked and didn't secure the password as it should? good job, your combination of mail + password is now totally insecure, no matter how strong the password was. Happend to me too, using my spam mail (for sites I don't give a f) and most used password (for sites I don't give a f) on a site, and it got hacked. Years later, I created a Ubisoft account because I needed one for some game and... It got hacked in under 2 hours. Because the mail+password in clear text was leaked and part of some hacker database, automatically attacking everything 24/7. So, IT security wants to make sure that people don't use their company passwords multiple times in private use. Sadly, the approach is always long passwords and changing it every time. That ensures that you will never use this password privatly. But the result is usually pretty lazy passwords, or passwords writen down next to the desk, INCREASING the risks. In my old company, we had to change the password every month. I swear, I'm sure you could hack 10% of all employees with trying "January2022" or similar passwords. </quote> ... Copied to Clipboard!
Topic List	Page List: 1