Post AYTSJ9cLumtSCZUcHA by benjaminhollon@fosstodon.org
Post #AYR0NbzXB3j4KMklDk by pheonix@fosstodon.org
2023-08-05T05:48:55Z
0 likes, 0 repeats
#askfedi Policy of changing your bank #password every 90 days is :
Post #AYR0Nd1hKV3DXMm0ES by benjaminhollon@fosstodon.org
2023-08-05T05:50:54Z
0 likes, 0 repeats
@pheonix If you're using randomly generated passwords in a password manager, it's mostly theatre, but it's also relatively easy to change your password, so imo you might as well do it.

For other people… it depends what their strategy is. If they're just, say, rotating a number in the password, it doesn't really help.
Post #AYR0NduI3WigGgJbKC by benjaminhollon@fosstodon.org
2023-08-05T05:57:28Z
0 likes, 0 repeats
@pheonix I will say, my uni having a similar policy has actually encouraged more secure passwords in some cases, because longer passwords don't need to be changed as often, so people choose longer (and hopefully more secure?) passwords.
Post #AYR0NeXdhECAEij1eq by strypey@mastodon.nzoss.nz
2023-08-05T22:35:21Z
0 likes, 0 repeats
@benjaminhollon The less often people change their passphrase, the more likely they are to remember it. Ergo, the less likely they are to write it on a sticky note and stick it on their monitor (or other similarly compromising reminder tactics).

So not only is forcing regular password changes security theatre, in most cases it reduces security in practice.

@pheonix
Post #AYSZQo5OMFhUGCiCtU by eichin@mastodon.mit.edu
2023-08-06T16:42:51Z
0 likes, 0 repeats
@strypey US NIST guidelines were recently updated to discourage password cycle times under a year and emphasize length instead. (I don't know if any bank specific industry groups have followed suit, though they should. But perhaps the survey was more about measuring popular perception...)

@benjaminhollon @pheonix
Post #AYTDxPuPGVqqzzg6jY by strypey@mastodon.nzoss.nz
2023-08-07T00:17:09Z
0 likes, 0 repeats
@eichin
> I don't know if any bank specific industry groups have followed suit

Hardly anyone has. I can't use my really strong passphrases with my internet banking, because it enforces a "strong password" based on 90s assumptions that "p@ssW0rd" is harder for a Bad Actor to crack than "battleshipbatterystaplehorse" : /

@benjaminhollon @pheonix
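As an added illustration (not part of the thread), here is a rough search-space comparison for the two passwords quoted in the post above. It assumes a simple attacker model: for the composition-rule password, either naive brute force over the character classes it uses, or a more realistic dictionary-word-plus-substitution guess; for the passphrase, a known wordlist of 7,776 words (the usual Diceware-style estimate) and a known word count. The wordlist and substitution counts are assumed figures for the estimate, not measurements.

```python
import math
import string

# Assumed model parameters (constructed for this estimate, not from the thread).
DICEWARE_WORDS = 7776          # size of a typical Diceware-style passphrase wordlist
COMMON_WORDS = 100_000         # size of a common-word list a guessing tool might use
VARIANTS_PER_WORD = 1000       # leet/case/digit-suffix mangling variants per word


def charset_size(password: str) -> int:
    """Size of the alphabet implied by the character classes the password uses."""
    size = 0
    if any(c in string.ascii_lowercase for c in password):
        size += len(string.ascii_lowercase)   # 26
    if any(c in string.ascii_uppercase for c in password):
        size += len(string.ascii_uppercase)   # 26
    if any(c in string.digits for c in password):
        size += len(string.digits)            # 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)       # 32
    return size


def bruteforce_bits(password: str) -> float:
    """Search space (bits) if the attacker knows only length and character classes."""
    return len(password) * math.log2(charset_size(password))


def mangled_word_bits(words: int = COMMON_WORDS, variants: int = VARIANTS_PER_WORD) -> float:
    """Search space (bits) if the attacker tries common words with mangling rules."""
    return math.log2(words * variants)


def passphrase_bits(num_words: int, wordlist_size: int = DICEWARE_WORDS) -> float:
    """Search space (bits) if the attacker knows the wordlist and the word count."""
    return num_words * math.log2(wordlist_size)


if __name__ == "__main__":
    # "p@ssW0rd" looks strong to a composition rule (4 classes, 8 chars) ...
    print(f"p@ssW0rd, naive brute force:      {bruteforce_bits('p@ssW0rd'):5.1f} bits")
    # ... but it is "password" with three common substitutions.
    print(f"p@ssW0rd, word + mangling rules:  {mangled_word_bits():5.1f} bits")
    # battleship / battery / staple / horse: four words from a known list.
    print(f"4-word passphrase, known wordlist: {passphrase_bits(4):5.1f} bits")
```

The passphrase holds its estimate even when the attacker knows exactly how it was built, whereas the composition-rule password only looks comparable under the naive model the 90s policy assumes.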
Post #AYTSJ9cLumtSCZUcHA by benjaminhollon@fosstodon.org
2023-08-07T02:57:11Z
0 likes, 0 repeats
@strypey @eichin @pheonix Yeah, my bank's password requirements ruled out any password I've ever used, most of them because my passwords are *longer* than their maximum limit. They also don't allow spaces, which is frustrating. And their selection of symbols is pretty random, not including some of the basics like !.