4409 days old password?
Options
Exemplar
Posts: 1,604 Forumite
in Techie Stuff
Just had this appear when logging in to the MSE forums:
Your password is 4409 days old, and has therefore expired.
4409? Struggling to see the logic there as:
4409/365 = 12.079
4409/52 = 84.788
4409/7 = 629.857
At my old company it was every 42 days as 42/7 = 6 so a logical format?
I'm not criticising at all, just wondering!
Your password is 4409 days old, and has therefore expired.
4409? Struggling to see the logic there as:
4409/365 = 12.079
4409/52 = 84.788
4409/7 = 629.857
At my old company it was every 42 days as 42/7 = 6 so a logical format?
I'm not criticising at all, just wondering!
'Just because its on the internet don't believe it 100%'. Abraham Lincoln.
I have opinions, you have opinions. All of our opinions are valid whether they are based on fact or feeling. Respect other peoples opinions, stop forcing your opinions on other people and the world will be a happier place.
I have opinions, you have opinions. All of our opinions are valid whether they are based on fact or feeling. Respect other peoples opinions, stop forcing your opinions on other people and the world will be a happier place.
0
Comments
-
It's the site, they're making everyone do it. Several other threads floating about somewhere.All shall be well, and all shall be well, and all manner of things shall be well.
Pedant alert - it's could have, not could of.0 -
Ah right.. Thanks!'Just because its on the internet don't believe it 100%'. Abraham Lincoln.
I have opinions, you have opinions. All of our opinions are valid whether they are based on fact or feeling. Respect other peoples opinions, stop forcing your opinions on other people and the world will be a happier place.0 -
I wonder has MSE had a hack scare?? making us all change passwords!!
.0 -
Yeah mine was something random like 2436 days. Should probably be changing passwords much more frequently!0
-
Yeah mine was something random like 2436 days. Should probably be changing passwords much more frequently!
How is it random? Given that you've been on the site for almost 7 years then that seems to be the correct number of days since you last changed your password (assuming that, like me, you've never changed it).0 -
-
How is it random? Given that you've been on the site for almost 7 years then that seems to be the correct number of days since you last changed your password (assuming that, like me, you've never changed it).
Yes - I didn't mean completely random, just that it wasn't a set password expiry period such as 30 or 90 days. Pretty much all my work related passwords have such a policy along with various rules on length, use of non-standard characters, not using a password that has been used before etc etc.
I'd be interested to hear thoughts on why changing passwords regularly would not be a good idea. I've always thought that if a password was compromised, then if it remains the same then it would be easier for someone else to log in to an account indefinitely.0 -
I'd be interested to hear thoughts on why changing passwords regularly would not be a good idea. I've always thought that if a password was compromised, then if it remains the same then it would be easier for someone else to log in to an account indefinitely.
Here's a good write-up.
Basically, the best thing to do is use a password manager.
https://nakedsecurity.sophos.com/2017/08/11/why-nists-bill-burr-shouldnt-regret-his-2003-password-advice/0 -
Yes - I didn't mean completely random, just that it wasn't a set password expiry period such as 30 or 90 days. Pretty much all my work related passwords have such a policy along with various rules on length, use of non-standard characters, not using a password that has been used before etc etc.
I'd be interested to hear thoughts on why changing passwords regularly would not be a good idea. I've always thought that if a password was compromised, then if it remains the same then it would be easier for someone else to log in to an account indefinitely.
Multiple reasons, mostly statistical, eg what people do overall
- Given many passwords regularly changing they get fed up and drop to one or very few passwords they use across sites. You or I may not do this but in general that's what happens. So, a breach when it comes doesn't just expose their forum password but their banking one, say.
- People can no longer remember all the changing passwords and write them down somewhere easily accessible, worst case the classic sticky note on the front of the computer screen (or maybe to be secure, on the back ) You or I may not do this and will use a password manager, but in general that's what happens. This is a classic at workplaces where its common to see a sticky with "this weeks password" written on it. Heres a recent example.
- You get fed up changing passwords all the time and gradually move from complex ones to simpler ones because its an effort to generate a new complex one, make a note of it soemwhere secure, etc. You or I may not do this and will use a password manager to generate super complex ones and store them securely, but in general that's what happens, so over time passwords get simpler and easier to crack.
- Forcing non reuse simply moves people to circumvent with a number. eg SooperSecr$t01 changes to SooperSecr$t02, and if they only check the last ten, back to SooperSecr$t00, then 01 etc. So knowing there is likely a one or two digit number at the start or end of a password makes brute force attacks easier, and potentially leads to more easily guessable passwords because people have satisfied the "must have a number" condition except now its plain the number will always be one or two digits start or end whereas they might not have done that in the past
- its pointless. If there's been a hack, change it. If there hasn't, well that means that your current password is good enough not to be guessed or brute forced, assuming someone is trying to do that, so why change it? And if they arent trying to guess or brute force it, remind me what was the point ?
- its efficiency draining and counterproductive, especially in the workplace where you may have dozens to hundreds of passwords and may literally end up changing one most days, ending up with your forgetting them and needing to spend time doing resets with IT support or ending up with them written in a little book or in an easily accessible place like a spreadsheet. Number of people i knew at work with all their passwords and user names in a spreadsheet was legion.0
This discussion has been closed.
Categories
- All Categories
- 343.3K Banking & Borrowing
- 250.1K Reduce Debt & Boost Income
- 449.7K Spending & Discounts
- 235.3K Work, Benefits & Business
- 608.1K Mortgages, Homes & Bills
- 173.1K Life & Family
- 248K Travel & Transport
- 1.5M Hobbies & Leisure
- 15.9K Discuss & Feedback
- 15.1K Coronavirus Support Boards