
The Insecurity of Your Secure Password Policy

If you have a password policy that mandates passwords change every 90 days, and it takes 1-2 days for you to get everything back in sync (password manager, systems, keychain, etc…), you start warning people 10 days in advance, and you have systems that only allow passwords of certain lengths, and… where was I?

Anyway… what percentage of users do you think are actually using a password manager that randomly generates that password, especially if there are systems that people need to log into that don’t have any way to directly insert from a password manager app?

Instead, you’re going to get a password progression like:

  • Puppies1!
  • Puppies2?
  • Puppies3!
  • Puppies4.

So if you have one set of compromised passwords, it’s pretty likely that the WHOLE PASSWORD GENERATING METHOD is compromised for many users.
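An added example, not part of the original post: a check a password-change handler could run to spot the progression above, where each new password is just the old one with a bumped suffix. The function names and the `min_changes` threshold are assumptions, and it presumes the change form supplies the current password alongside the new one, so nothing has to be stored in plaintext.

```python
import re

# Trailing run of digits/punctuation, the part users bump on each forced rotation.
_SUFFIX = re.compile(r"[\d\W_]+$")

def stem(password: str) -> str:
    """Case-folded password with its trailing digits and punctuation removed."""
    return _SUFFIX.sub("", password).casefold()

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: insert, delete and substitute each cost 1."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def is_trivial_rotation(old: str, new: str, min_changes: int = 4) -> bool:
    """True when `new` shares `old`'s stem or differs by fewer than min_changes edits."""
    old_stem = stem(old)
    same_stem = old_stem != "" and old_stem == stem(new)
    return same_stem or edit_distance(old, new) < min_changes

# Constructed sample: the progression listed in the post.
HISTORY = ["Puppies1!", "Puppies2?", "Puppies3!", "Puppies4."]

def audit(history):
    """Return (old, new, flagged) for each consecutive password change."""
    return [(o, n, is_trivial_rotation(o, n)) for o, n in zip(history, history[1:])]

if __name__ == "__main__":
    for old, new, flagged in audit(HISTORY):
        print(f"{old} -> {new}: {'REJECT' if flagged else 'ok'}")
```

Every change in the sample history is flagged, because all four passwords reduce to the same stem.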

The extra burden of trying to come up with memorable but unique passwords so often is forcing users to dumb down their passwords.