claudex 4 days ago

There are policies to prevent changing the password more than once a day to prevent that. I've encountered it in several places

Reply View 10 replies
  • thih9 4 days ago

    Fascinating. In other words:

    In order to force the user to change their password more frequently (long term), the user is prevented from changing their password too frequently (short term).

    I wonder whether the person who added that is actually confident that the benefits outweigh the drawbacks or is that a case of tunnel vision.

    Reply View 0 replies
  • eqvinox 4 days ago

    There are also systems that keep a history of old passwords just to prevent you from reusing one.

    Reply View 7 replies
    • jandrese 4 days ago

      I like the ones that not only keep a history of your old passwords but will reject any password that is similar to any of your 30 previous passwords, which means they're storing either a plaintext or reversibly encrypted list of every password somewhere on the system. Talk about a goldmine for the hacker that dumps that database.

      Reply View 6 replies
      • Rexxar 4 days ago

        Something like that could probably be implemented by storing multiple hash of some automatically modified version of the password. For example, if your password is "PassWorD" they can additionally store the hash of the lowercase version of the password. So if you change it from "PassWorD" to "paSswOrd", they will see it has the same lowercase hash than the previous one without knowing it.

        Reply View 4 replies
      • rightbyte 4 days ago

        Ye. If the insane password gatekeeper shenanigans doesn't make you input your old password together with the new, you know they store your passwords.

        Reply View 0 replies
  • Viliam1234 2 days ago

    The obvious solution is to have a Monday password, a Tuesday password, etc.

    Reply View 0 replies
HocusLocus 4 days ago

Password changed.

Password changed.

Password changed.

Error at : broken pipe

Reply View 0 replies