I remember reading an article once which referred to research which suggested that making people change passwords every month made their accounts less secure, because they have to go extra steps to remember them - which usually translates to making them really obvious and/or storing them where they’re easily accessed. In one of my previous jobs where we had to change passwords every month, basically everybody would have their password written on a post-it on their computer monitor.
Sticky note under the keyboard is probably still the number one spot.
Yeah, that’s actually also why it’s no longer considered best practice to force regular password changes. But many places / websites / apps still do, obviously.
In my first job I had like 7 different passwords to access different systems. Each one had a different schedule of password reset. They each ended up being on a different reset schedule. I had to reset a password once or twice a week.
Yeah, everyone had their passwords on a sticky note on their monitor. I once got praise for being the one person without it. I of course had an abbreviation for the system with what number series the password was on posted on my monitor.
This is my current job. I’ve got monthly, every three months, every quarter, once per year… Thank goodness the last service they added has SSO.
I had a passkey card where each letter was given a random sequence of uppercase, lowercase, a number and a symbol. With just a four-letter word as the key you had a 16-digit random password that was hard to guess even if you had the key sheet.
I worked in top secret military stuff and the worst I had was every 4 months on some systems. Monthly seems extremely ineffective.