Hey everyone! I could really use your advice here. My workplace requires us to change our passwords every 30 days, and they have to be super complex. Recently, two of my colleagues changed their passwords and forgot the new ones within days. I'm planning to bring this up with my manager and the IT department since it seems pretty extreme. I'm looking for solid evidence that supports longer password policies, like changing them once a year or only if there's a security breach, as being more secure than these overly complicated ones like "B!c3n+en!@L" that leave us scrambling or jotting them down. Also, some of my team members aren't very tech-savvy and are already writing their passwords down. Any help would be appreciated!
4 Answers
It's likely your IT team is just complying with outdated regulations that say they have to enforce strict password changes. Maybe it’s time to suggest looking into modern authentication methods instead!
Definitely! I think we could really improve our security by moving to updated policies.
Consider transitioning to passkeys or robust password managers. They’re the future and would definitely help with the frustrations you're facing with complex passwords!
NIST guidelines have actually changed recently. They recommend not forcing password changes at set intervals unless there's a known breach. So, instead of changing passwords every 30 days, let them stay until a compromise is confirmed. It's all about reducing unnecessary password fatigue!
There are lots of articles out there discussing this exact issue. If you Google 'why periodic password changes are unnecessary', you'll find a wealth of info that supports your position. Just make sure to point out how confusing complex password rules can be for those who aren't very tech-savvy!
Absolutely! Simpler passphrases can actually be more secure than overly complex passwords that no one can remember.
Once you start seeing search results, you'll realize just how much support there is for revising these outdated policies.
Yeah, it sounds like they need to do some research on current best practices!