Alt text: Michael Scott Handshake meme. Manager's text: “My company Congratulating me on avoiding a phishing test email”. Michael Scott text: “Me, terminally behind on answering email.”
“Let’s also make our users follow really complex password requirements but have our password creation/change page be different from the actual login screen so they have a really hard time using a password manager”-dumbass IT department
Change your password every 30 days, and never reuse one, and don’t use a password manager, and don’t write it down anywhere, and…
The “Forgot password?” link is my new login process.
My current employer actually just changed our password policy to greatly extend the password expiration date. We have cranked up the password requirements a tad, every login has 2FA and permissions are locked down to the size of a gnat's asshole. Users seem to like it better since they don’t have to come up with a new password as often and we are telling ourselves it’s harder to brute force.