At one of my clients, a large institution, they go further: you’re not allowed to use the local browser’s password manager. And still have to abide by the usual password rules: rotate every 3 months, complex passwords, etc.
As a result, users store a plain text file on their desktop (some go as far as printing it), that conveniently allows them to retrieve their passwords.
Too much security kills security.
Karyoplasma@discuss.tchncs.de 1 year ago
Forcing a password change after a period of time has shown to make people gravitate towards the simplest passwords that are still within the policy or other, even less secure, solutions. That’s why security standards nowadays advise to not implement forced password changes.
Sarsoar@lemmy.world 1 year ago
My last job got around the “make people gravitate towards the simplest passwords” issue by giving you a list of 10 randomly generated strings you could pick. ( you could refresh the list a few times though)
So what happened anyways, like the person you are replying to said, is we had passwords written everywhere. One guy kept a sticky not on the back of his badge (which got turned around alot so he would walk around with his password showing), another kept it on a sticky under his keyboard, and just in general we would find passwords written everywhere.