34

The whole "change your password every 30 days" thing drives me nuts

I was helping my mom set up her email last week and she had this sticky note on her monitor with like 12 different passwords because her work forces a change every month. The problem is nobody actually remembers these passwords, so they just do "Password1" then "Password2" and write them all down on yellow stickies for anyone to see. My buddy who works IT at a hospital in Austin told me their audit showed most password resets happen within 24 hours of the forced change because people forget instantly. Does anyone else think monthly password changes actually make things way less secure than just using a long phrase and sticking with it?
2 comments

reese_garcia
Oh MAN this is literally my mom's life right now too. She has a whole ROW of sticky notes across her monitor with "May password" "June password" and it's basically the same word with the month number at the end. I've told her a hundred times that writing them down completely defeats the purpose but she says the IT guy at her office actually suggested the sticky note method because everyone was typing their passwords into fake emails from "tech support" instead. It feels like these security rules were made by people who have NEVER actually worked in a real office with real humans.
6
miabennett
Honestly why do IT departments keep pretending sticky notes are the solution lol? My aunt's desk looks like a crime board with all her passwords taped to the monitor and it's literally the same password with the month tacked on the end.
2