19

Unpopular opinion: "change your password every 30 days" is the worst advice I ever got

My old IT guy at a small marketing firm in Austin swore by forcing password resets every month. I followed his rule for 2 years and ended up using "Austin2022!" then "Austin2023!" then "Austin2024!" because I couldn't remember 24 different passwords. Then I read that NIST actually came out and said frequent changes make people pick weaker passwords. Has anyone else had a boss or IT person give them security advice that was actually making things worse?
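The post's "Austin2022!" to "Austin2023!" cycle is what happens when a system forces rotation but never checks whether the new password is just the old one with the counter bumped. The script below is an added example, not code from the original poster or any commenter: a variant-detection check that a system still enforcing rotation should run on every change, next to the attacker's-eye view of the same pattern (the first guesses someone holding a leaked old password would try). The sample sequences are the ones quoted in the thread; the MAX_VARIANT_DISTANCE threshold and the leet-substitution table are assumptions. NIST SP 800-63B drops mandatory periodic rotation in favour of screening candidates against breached and common-password lists, which this kind of check complements rather than replaces.

```python
import re
from typing import List, Optional

# Constructed sample input: the rotation sequences quoted in the thread.
ROTATED_SEQUENCE = ["Austin2022!", "Austin2023!", "Austin2024!"]
PADDED_SEQUENCE = ["Garag3!", "Garag3!!", "Garag3!!!"]

# Assumed threshold: two or fewer edits counts as "the same password".
MAX_VARIANT_DISTANCE = 2

# Assumed leet table for folding "Garag3" and friends back to their stem.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), O(len(a)*len(b))."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete
                           cur[j - 1] + 1,          # insert
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def normalize(pw: str) -> str:
    """Strip the trailing digits/punctuation people bolt on, fold leet, lower-case."""
    stem = re.sub(r"[\d\W_]+$", "", pw)
    return stem.translate(LEET).lower()


def is_trivial_variant(old: str, new: str) -> bool:
    """True if `new` is the old password with a counter, year or symbol tweak."""
    if old.lower() == new.lower():
        return True
    if levenshtein(old.lower(), new.lower()) <= MAX_VARIANT_DISTANCE:
        return True
    # Same stem, different tail: "Austin2022!" vs "Austin2031!".
    return normalize(new) != "" and normalize(old) == normalize(new)


def check_new_password(new: str, history: List[str]) -> Optional[str]:
    """Return a rejection reason, or None if `new` is acceptable against `history`."""
    for back, old in enumerate(reversed(history), 1):
        if is_trivial_variant(old, new):
            return f"too similar to the password used {back} change(s) ago"
    return None


def next_rotation_guesses(old: str) -> List[str]:
    """The guesses an attacker holding `old` tries first after a forced rotation:
    bump a trailing number (year or counter) and/or add one more trailing symbol."""
    guesses = []
    m = re.match(r"^(.*?)(\d+)(\W*)$", old)
    if m:
        head, num, tail = m.groups()
        for bump in (1, 2):
            guesses.append(f"{head}{int(num) + bump:0{len(num)}d}{tail}")
    m2 = re.match(r"^(.*?)(\W)(\2*)$", old)
    if m2:
        guesses.append(old + m2.group(2))
    return guesses


if __name__ == "__main__":
    for seq in (ROTATED_SEQUENCE, PADDED_SEQUENCE):
        for i in range(1, len(seq)):
            print(f"{seq[i]!r} after {seq[:i]}: {check_new_password(seq[i], seq[:i])}")
            print(f"  attacker guesses from {seq[i-1]!r}: {next_rotation_guesses(seq[i-1])}")
    print("passphrase:", check_new_password("correct horse battery staple", ROTATED_SEQUENCE))
```

Running it shows every password in both quoted sequences rejected as a variant of its predecessor, and the same next password appearing in the attacker's first two or three guesses, while an unrelated long passphrase passes. The history comparison needs the old passwords in a recoverable form at change time, which is exactly what a system that only stores salted hashes cannot do after the fact; the practical way to get the old value is to require it in the change form and compare in memory before hashing the new one.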

3 Comments
garcia.charles
Had the same damn problem at my shop. Used "Garag3!" then "Garag3!!" then "Garag3!!!" as my go-to pattern. Made me realize the old advice just trains people to make tiny variations. Way easier to just use a password manager and pick one good long phrase that never changes.
7
olivias88
18d ago
YES! @garcia.charles nailed it with the password manager approach.
3
scott.grace
Wait, you actually had an IT guy who enforced that? That's wild. I mean, I get that some companies have dumb policies, but forcing people to change passwords every thirty days is basically begging them to write it on a sticky note under their keyboard. And of course NIST walked that back, it was obvious common sense. Your poor brain trying to remember "Austin2022!" then "Austin2023!" is exactly what they trained you to do, just cycle through the year. That's not security, that's a memory game nobody asked to play. I'm still mad at your old IT guy and I don't even know him.
2