Context is that I had to register for a lot of accounts recently and some of the rules really make no sense.

Not name-and-shaming, but the best one I’ve seen recently is I might have accidentally performed an XSS attack on a career portal using a 40-digit randomly generated password…

  • otp@sh.itjust.works
    0·
    3 months ago

    Anything that requires regular password resets. It’s fine if it’s changed on the site and in the user’s vault automatically, but if a user has to type in their password with any sort of regularity, it’s a recipe for disaster to require regular changes.

    People write predictable or formulaic passwords, or just end up resetting their password more often than necessary because they forgot it (making them more susceptible to phishing).

    • Cousin Mose@lemmy.hogru.ch
      0·
      3 months ago

      I memorized a handful of randomly generated passwords in high school (around 2005) and never looked back.

      These days I use a password manager, but for semi-low security stuff (on my LAN) I use one, for my Apple account a long combination of three. And that’s it! The password manager is where it’s at.

      Just one of my passwords was leaked in data breach (from back when I was younger and recycled passwords) so that one’s out, but otherwise I’m doing pretty well with the memorized randomly generated passwords.

    • Susaga@sh.itjust.worksEnglish
      0·
      3 months ago

      There was an episode of Elementary where they were able to find the victims password on a post-it note, because the company requires a new password every month and he didn’t want to remember a new one that often.