oh my lawd does that laptop have two nics?
My workplace made us change our passwords to have a minimum of 14 characters, including upper and lower case letters, at least one number and one special character, with the ‘benefit’ being that we only have to change it annually rather than every 3 months. We also have to lock our computers every time we walk away from them, which I have to do 20 or more times a day, requiring entering the password to unlock it. This meme is my version of hell.
Password111!!!
I guarantee most of the passwords at your company follow the pattern of: first letter capitalized of some password they use everywhere, followed by a number, then a special character that is one of the shift characters on the number row.
If they make you change them every x months with history going back, they are all incrementing until they rotate back to 1.
Human-created passwords are very predictable.
:sheepish look:
i work at an IT department where ppl keep complaining about these things. your password WILL be secure and you WILL like it
This is a very reasonable and good way to handle corporate IT security on the device level. This is how most places should be doing it.
It’s so easy to remember long passwords if you just use full-ass sentences with some random other stuff that relates to your mind. My BitWarden master password is like 32 characters and I can type it in a couple seconds, and if I was in a coma for a year I would wake up and instantly remember it.
The only problem is, it spawned from a funny story in my life that I can no longer tell. Ah well, it’s worth it.
Zero trust framework actually no longer calls for routine password changes, it’s considered an ITIL best practice not to now, because it encourages people to write them down. Instead solid MFA for password situations and, properly, getting rid of passwords in the next few years.
But a lot of places are still outdated in this.
I’m not arguing with that. It’s more a comment on my typing skill, or lack thereof, and how often I have to enter it.
Ours was the same. But then reneged on the ‘annual’ part.
Especially when getting it wrong a third time means that you have to do the walk of shame to the IT help desk.
or restart and try again (this often works, idk why)
It locks both your smartcard and your user account, there is no way around that.
then shit
I had a director that just couldn’t do it. Took 47 tries for him to log in. Didn’t matter what computer they used. I checked to make sure there wasn’t any outside source locking them out. They just weren’t able to do it.
New security measure: if the director logs in using 46 or fewer attempts, their account gets locked.
New password week for me!
I am in this picture and I do not like it
Now say my Name :)
No.
Just use bitwarden
Just to be clear: there is no reason anybody should be typing a password in 2025, other than maybe their master password for a keyvault. Also, 14 characters is not secure*. It needs to be at least 16, and that’s if you generate it randomly.
Four randomly selected words, XKCD style is also good
- according to Jeremi M Gosney, yer best source for password cracking and defense
Isn’t dictionary bruteforcing really efficient?
Kind of, but also it doesn’t matter much: https://techcommunity.microsoft.com/blog/microsoft-entra-blog/your-paword-doesnt-matter/731984
In the context of things that rely on passwords for security it matters very much.
The Microsoft blog post that you reference is about their systems which displace that reliance, for both better and worse.
Exactly. I use KeepassXC, but Bitwarden is also good.
we keep doing this in QA and having to change it because it gets locked on the third attempt