It has been 6 years since NIST told companies to stop doing this. And I'd be willing to bet there are more companies still mandating this than ones that don't.

[–] LazaroFilm@lemmy.world 24 points 11 months ago* (last edited 11 months ago)

My old job had that policy. I decided I would not try to remember my passwords. Instead I had I.T. on speed dial and I would just call them daily to change my password to the one I liked. They hated me. I don’t work there anymore. For unrelated reasons. I think.

[–] henfredemars@infosec.pub 16 points 11 months ago* (last edited 11 months ago)

I wish I only had to change my passwords every 90 days. That would be a dream.

I'll just have to refer to the unofficial password sticky note that everyone in the office shares containing all the usernames and passwords, and the date on which they were last changed, that was started less than a week after the password change policy.

It's hilariously insecure, but we just can't deal with the password load. It's too much work. We'd sooner be fired if we had to comply with the password policy.

[–] rockSlayer@lemmy.world 2 points 11 months ago

I'm very glad that my company took the note and only require a password change once a year