Password expiry - why?
-
Hi,
Any particular reason why passwords on this site expire? I ask because the current consensus among security experts seems to be that it's a counterproductive practice.
Microsoft gives a good summary of the arguments:
https://docs.microsoft.com/en-us/microsoft-365/admin/misc/password-policy-recommendations?view=o365-worldwide
"Password expiration requirements do more harm than good, because these requirements make users select predictable passwords, composed of sequential words and numbers which are closely related to each other. In these cases, the next password can be predicted based on the previous password. Password expiration requirements offer no containment benefits because cyber criminals almost always use credentials as soon as they compromise them."
A very good modern way to safeguard our credentials would be to check them against https://haveibeenpwned.com/ or a similar service, something even the NIST is now recommending.
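The breached-password check suggested in the post above, sketched as an added example (not part of the original thread and not this forum's code): it follows the Pwned Passwords k-anonymity range lookup, where only the first five hex characters of the SHA-1 hash are sent and the match is done locally. `make_constructed_fetch`, the sample passwords and the counts are constructed stand-ins for the HTTP call so the block runs offline.

```python
import hashlib
from typing import Callable

# Real range endpoint; this example never calls it.
RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"

def split_hash(password: str) -> tuple[str, str]:
    """SHA-1 the password; only the 5-character prefix would leave the server."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password: str, fetch_range: Callable[[str], str]) -> int:
    """Return how often the password appears in the corpus (0 = not found)."""
    prefix, suffix = split_hash(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            # Padded responses contain decoy rows whose count is 0.
            return int(count) if count.isdigit() else 0
    return 0

def make_constructed_fetch(known: dict[str, int]) -> Callable[[str], str]:
    """Hypothetical stand-in for the HTTP GET: serves a constructed range body."""
    rows: dict[str, list[str]] = {}
    for pw, n in known.items():
        prefix, suffix = split_hash(pw)
        rows.setdefault(prefix, []).append(f"{suffix}:{n}")

    def fetch(prefix: str) -> str:
        decoys = ["0" * 35 + ":0", "F" * 35 + ":0"]  # constructed padding rows
        return "\r\n".join(rows.get(prefix, []) + decoys)

    return fetch

def password_allowed(password: str, fetch_range: Callable[[str], str]) -> bool:
    """Policy check at signup or password change: reject anything seen in a breach."""
    return breach_count(password, fetch_range) == 0

if __name__ == "__main__":
    fetch = make_constructed_fetch({"Summer2023!": 4821})  # constructed count
    for pw in ("Summer2023!", "t7#Lq-ridge-velvet-omen"):
        verdict = "allowed" if password_allowed(pw, fetch) else "rejected"
        print(f"{pw!r}: {verdict}")
```

In a deployment, `fetch_range` would be a function that requests `RANGE_URL` for the given prefix and returns the response body.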
-
I don't remember enabling that feature. However, your best bet is to sign on using an SSO by Google or Facebook. Then you don't have to worry about passwords at all.
-
@administrator Thanks for answering!
I prefer not to link every online identity together - It's far too easy to get arbitrarily disconnected from your Facebook account. I just don't trust the tech giants like I used to.
I can live with changing the password once a year (or is it every two years?). Just curious if there was any particular reason for it, but now I know!
-
I've been here since we started (March 2019) and have never been asked to change my password. I do stay logged in between sessions (usually).
-
@shifty said in Password expiry - why?:
I've been here since we started (March 2019) and have never been asked to change my password. I do stay logged in between sessions (usually).
I too have been here without log in problems with the exception of a brief period when a Moderator had unilaterally banned me off of TB out of a fit of rage. That Moderator was later permanently banned when his rage continued onto others here at TB, so in a way, I feel vindicated for that brief time away.
-
@dr-go said in Password expiry - why?:
@shifty said in Password expiry - why?:
I've been here since we started (March 2019) and have never been asked to change my password. I do stay logged in between sessions (usually).
I too have been here without log in problems with the exception of a brief period when a Moderator had unilaterally banned me off of TB out of a fit of rage. That Moderator was later permanently banned when his rage continued onto others here at TB, so in a way, I feel vindicated for that brief time away.
I'm sorry that happened. Glad you're still around.
For what it's worth, I am the FIRST user and have never changed my password.
-
@Jolter or anybody for that matter, if you get locked out I can reset your password. You're always free to create a new account.