MT password requirements are stupid
#1
2 Props,3 Dildos,& 1 Cat
Thread Starter
iTrader: (8)
Join Date: Jun 2005
Location: Fake Virginia
Posts: 19,338
Total Cats: 573
MT password requirements are stupid
@Braineack tag the IB admins. I forget who they are.
Seriously, haven't we all learned that all of the bullshit symbol and character requirements for passwords are no longer the best practice for passwords? I just got the "your password is 91 days old" nag and the new requirements are the dipshit IT departments best guess at how to be secure from 2002.
Here's my prediction based on the below facts:
1. passwords must be changed every 90 days
2. passwords must be sufficiently complex, using like 5 different character types
3. passwords must not be the same as previous ones
Prediction: in about 90 days, your users will just tell you to **** off. And each time you force a new password, you'll lose more users.
The reality is that overly complicated passwords aren't that much more secure. And many systems have ditched 90 day password expirations because a post-it note with your password is pretty damn un-secure.
https://howsecureismypassword.net/
B@dd0g1! (9 hours-- fits MT requirements, pita to remember)
miatas0good4drifting (11 billion years-- easy to remember)
You@MTsuck99dicks! (7 quadrillion years-- fits MT requirements, but we can't all have the same awesome password...)
Seriously, haven't we all learned that all of the bullshit symbol and character requirements for passwords are no longer the best practice for passwords? I just got the "your password is 91 days old" nag and the new requirements are the dipshit IT departments best guess at how to be secure from 2002.
Here's my prediction based on the below facts:
1. passwords must be changed every 90 days
2. passwords must be sufficiently complex, using like 5 different character types
3. passwords must not be the same as previous ones
Prediction: in about 90 days, your users will just tell you to **** off. And each time you force a new password, you'll lose more users.
The reality is that overly complicated passwords aren't that much more secure. And many systems have ditched 90 day password expirations because a post-it note with your password is pretty damn un-secure.
https://howsecureismypassword.net/
B@dd0g1! (9 hours-- fits MT requirements, pita to remember)
miatas0good4drifting (11 billion years-- easy to remember)
You@MTsuck99dicks! (7 quadrillion years-- fits MT requirements, but we can't all have the same awesome password...)
#5
2 Props,3 Dildos,& 1 Cat
Thread Starter
iTrader: (8)
Join Date: Jun 2005
Location: Fake Virginia
Posts: 19,338
Total Cats: 573
Believe me, I know. We are NIST compliant here and I have to use some dipshit third party app for 2FA in addition to all the password BS. The difference is the paycheck.
180 days is better, thank you.
And believe me I also know all about the california privacy laws. My friend is a lawyer writing them for all the big tech firms. I send her text messages to express my displeasure.
180 days is better, thank you.
And believe me I also know all about the california privacy laws. My friend is a lawyer writing them for all the big tech firms. I send her text messages to express my displeasure.
#11
mkturbo.com
iTrader: (24)
Join Date: May 2006
Location: Charleston SC
Posts: 15,177
Total Cats: 1,681
looks like admins don't have a password expiry set, so it makes absolutely no sense that super mods do. @y8s have you always had to rotate your password every 90 days?
edit; mods also have a 90 day expiry set.
edit; mods also have a 90 day expiry set.
I had Nolan turn that off years ago.
Thread
Thread Starter
Forum
Replies
Last Post