Current Events > I hate the day you change your work password.

(+) Yeah! (+)

I'll be typing the old password first for days now. :(

---

It sucks when it happens on a Friday too. I almost always forget by Monday and we get three tries before it locks us out and IT has to get us back in.

---

And since they make you choose something hard to guess, it makes it really hard for you to guess

---

It's nice being a domain admin, mine always stays the same
---

voldothegr8 posted...

It's nice being a domain admin, mine always stays the same

---

voldothegr8 posted...

It's nice being a domain admin, mine always stays the same

Huh. I'm the netadmin at my school, and me, principals, and office staff (anyone with special access to some stuff) have to change every 60 days. Teachers used to have to do it too, but they changed it like 2 years ago. They can change their password if they want, but they don't actually expire.
---

My work system lets you change your password to your old password.

I know it's an obvious exploit in waiting, but man is it convenient.

---

Laserion posted...

Huh. I'm the netadmin at my school, and me, principals, and office staff (anyone with special access to some stuff) have to change every 60 days. Teachers used to have to do it too, but they changed it like 2 years ago. They can change their password if they want, but they don't actually expire.

As a domain admin, you can go into Active Directory and "reset your password" to what it currently is when it's about to expire and reset the timer. This method also bypasses the "can't set your password to anything you've used in the last X amount of passwords" policy.

Anyway, the new standard these days is to use multi-factor authentication and stop forcing users to change their password every X amount of days. It's much more secure and less annoyance for the end user.

---

our place has an idiotic system where if you mistakenly type in the wrong password 3 times, the account gets locked and you have to call/visit IT to have it opened and depending on how busy they are, it can take a while.

if somebody is feeling trollish they can type whatever username they've come across and lock that person's account.

---

Get a password manager.

---

Goodbye Password1. Hello Password2.

---

BlazinBlue88 posted...

As a domain admin, you can go into Active Directory and "reset your password" to what it currently is when it's about to expire and reset the timer. This method also bypasses the "can't set your password to anything you've used in the last X amount of passwords" policy.

Anyway, the new standard these days is to use multi-factor authentication and stop forcing users to change their password every X amount of days. It's much more secure and less annoyance for the end user.

Ahh, the life being a domain admin. Although the tradeoff is, as you mentioned, I have to reauthenticate via text about 14 times across all my different devices every time I renew my old password, so it's almost as annoying.

---

AsucaHayashi posted...

our place has an idiotic system where if you mistakenly type in the wrong password 3 times, the account gets locked and you have to call/visit IT to have it opened and depending on how busy they are, it can take a while.

if somebody is feeling trollish they can type whatever username they've come across and lock that person's account.

That's a normal policy. It prevents brute force password attacks.

Most places have it set so after the 3 failed attempts, it'll only lock the account out for 5-10 mins then auto unlock. Failed attempts after that would requite IT to manually unlock the account.

---

Buzz Killjoy posted...

Ahh, the life being a domain admin. Although the tradeoff is, as you mentioned, I have to reauthenticate via text about 14 times across all my different devices every time I renew my old password, so it's almost as annoying.

We have it set so it'll only ask you to reauthenticate every 30 days so it's really not that bad.

---

I have 8 different work passwords that have to be changed with some regularity, lol. Our dealership carries 5 car manufacturers, a separate one for Honda power equipment, plus separate sites for flooring through Toyota and Subaru.
---

Ever move house and on the first day or sometime in the first week you drive home from work...to the old address. So annoying.

---

I follow an easily rememberable system for creating new passwords, that isnt just adding a number to the end

---

BlazinBlue88 posted...

As a domain admin, you can go into Active Directory and "reset your password" to what it currently is when it's about to expire and reset the timer. This method also bypasses the "can't set your password to anything you've used in the last X amount of passwords" policy.

Anyway, the new standard these days is to use multi-factor authentication and stop forcing users to change their password every X amount of days. It's much more secure and less annoyance for the end user.

Thanks. I'll try that, assuming the district didn't set up something against that on their end.
---

It's ironic that in an effort to increase the difficulty of guessing someone's password, we have created a world where most PCs have a sticky note with the password written on it about 25% of the time.

---

Yeah I just increment the number at the end of my normal password lmao
---

AsucaHayashi posted...

our place has an idiotic system where if you mistakenly type in the wrong password 3 times, the account gets locked and you have to call/visit IT to have it opened and depending on how busy they are, it can take a while.

if somebody is feeling trollish they can type whatever username they've come across and lock that person's account.

Then IT tracks down where the lock is coming from and most likely the offender will be visiting HR, if it's habitual that is.
---

Our school forces everyone to change their passwords every 6 months because so many people kept falling for phishing emails.

Such annoying. Moving to 2FA though so many thatll change that, or at least make it not as often.

---

I finally made a password cheat sheet for work a few months ago. It got out of control. I had to waste an hour doing it, but it was worth it.

---

DevsBro posted...

It's ironic that in an effort to increase the difficulty of guessing someone's password, we have created a world where most PCs have a sticky note with the password written on it about 25% of the time.

An overly-stringent password that humans can't remember, but machines can trivially guess, isn't a useful password anyway.
https://xkcd.com/936/

Timohtep posted...

Yeah I just increment the number at the end of my normal password lmao

sktgamer_13dude posted...

Our school forces everyone to change their passwords every 6 months because so many people kept falling for phishing emails.

Such annoying. Moving to 2FA though so many thatll change that, or at least make it not as often.

My company does a yearly phishing campaign and people still keep falling for it even though they get mandatory security awareness training once they fail... I hate when they get pissed at us cause we forcibly change their password cause they clicked on the link of a suspicious email.

It is quite annoying when they said they never clicked on the link, we have software letting us know the time and how many times they clicked on the link. Or just as stupidly, they respond to the suspicious email asking if this is legit. WHY?! Our security training literally says to never respond to the email, if you know the sender, give them a call. And don't use the number on the email. And the phishing attempts all suck as well, half the time they don't even have anything in the body of the email, just a link or attachment with the subject INVOICE. The utter stupidity of some people....

---

Our phishing attempts are generally your inbox is full, click here to fix it!!! or shit like want to earn 500/week from home? click here.

Generally just forward those messages to abuse to get them fixed and move on, because theyre all sent from peoples university emails.

---

Almost everyone I know just does the adding 123456789 thing now because of that nonsense.

---

I have a method to do password, when they expire every 3 months.

Season, year

Easy to remember with changes, although I changed my yesterday and with the nice weather I keep typing the old one lol

---

My password had lowercase, uppercase, numbers, several special characters, but I never forgot it.

---