🎙️
25

TIL my 'secure' password strategy was actually making me less safe

I popped into a cybersecurity talk at the local library last Tuesday and the guy running it said something that really bugged me. He claimed that changing passwords every 30 days makes people pick weaker ones... and I think he's right. After 3 years of forcing monthly changes at work, I've noticed everyone just uses "Month2023" over and over. Has anyone else noticed their organization's rules actually hurt security instead of helping?
3 comments

Log in to join the discussion

Log In
3 Comments
skylerrobinson
The 30 day change thing is a total joke at my job too, everyone just cycles through the same 3 passwords with the month number tacked on. I'm glad someone finally called it out because it makes everyone miserable without actually helping anything.
3
henderson.oscar
henderson.oscar12d agoTop Commenter
Totally agree with you @skylerrobinson. It drives me nuts watching coworkers write their "new" password on a sticky note under their keyboard because nobody can remember which month's version of Password123 they're on. My old office had a guy who literally just changed the number from 1 to 2 to 3 and back again every 30 days on the dot. The worst part is when IT blocks the old ones and you lock yourself out on a Friday afternoon because you accidentally used November's password instead of October's. It's security theater at its finest.
3
scott.drew
scott.drew11d ago
The sticky note thing always cracks me up because people spend all that effort hiding it "in plain sight" like the underside of a keyboard drawer or taped to the monitor bezel. My last job had a lady who wrote hers on a Post-it and stuck it to her ID badge, right next to her photo. Watched her type it in at the door every single morning without even flipping it over. How many months did you watch the same crew cycle through "January2022$, February2022$" before IT finally gave up on the 90 day rule?
6