Paul Walker · Oct 19, 2021 · 10:21 AM UTC

Paul Walker

Paul Walker @arafel2

19 Oct 2021

"... will be changing the Password History settings by the end of this month. With this change, you will not be able to set your password to any of your 24 previously-used passwords." Seriously? 24? WTAF?

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Oct 19, 2021 · 10:23 AM UTC

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Oct 19, 2021 · 10:23 AM UTC

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 @dsilverstone

19 Oct 2021

Replying to @arafel2

Have this organisation not heard of best practice?

Oct 19, 2021 · 10:23 AM UTC

Dickon Hood · Oct 19, 2021 · 10:38 AM UTC

Dickon Hood @dickontoo

19 Oct 2021

Replying to @dsilverstone @arafel2

Clearly not. You'll just have to change your single-digit-at-the-end to two. How annoying.

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Oct 19, 2021 · 12:10 PM UTC

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 @dsilverstone

19 Oct 2021

I had a client once who, once a month, forced a password change with a 15 password reuse limit. So once a month I logged in, set my password to 'Insecure01' thence 'Insecure02' onward to 'Insecure15' and then back to my good password which I never knew because yay password safe.

more replies

Paul Walker · Oct 19, 2021 · 10:51 AM UTC

Paul Walker @arafel2

19 Oct 2021

Replying to @dsilverstone

I sent them the link to the paper done by (I think) the NCSC showing that password rotation was harmful. The response was basically "thanks, but we're going to ignore it".