• Sanctus@lemmy.world
    link
    fedilink
    English
    arrow-up
    7
    ·
    3 days ago

    Ours isn’t like that at all. They dont even have to change it every three months. The insecurity is crazy here and they still can’t remember the same password they’ve had since before I started working here.

    • Cypher@lemmy.world
      link
      fedilink
      arrow-up
      9
      ·
      2 days ago

      Forcing password changes too frequently is actually a security risk, as it encourages bad practices like re-use, iteration, keyboard walks and writing the passwords down.

      There are reasonable limits to impose on this, and educating users with demonstrations such as haveibeenpwned have been highly effective in my experience.