Paul Walker · Oct 19, 2021 · 10:21 AM UTC

Paul Walker

Paul Walker @arafel2

19 Oct 2021

"... will be changing the Password History settings by the end of this month. With this change, you will not be able to set your password to any of your 24 previously-used passwords." Seriously? 24? WTAF?

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Oct 19, 2021 · 10:23 AM UTC

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 @dsilverstone

19 Oct 2021

Have this organisation not heard of best practice?

Dickon Hood · Oct 19, 2021 · 10:38 AM UTC

Dickon Hood @dickontoo

19 Oct 2021

Clearly not. You'll just have to change your single-digit-at-the-end to two. How annoying.

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Oct 19, 2021 · 12:10 PM UTC

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 @dsilverstone

19 Oct 2021

I had a client once who, once a month, forced a password change with a 15 password reuse limit. So once a month I logged in, set my password to 'Insecure01' thence 'Insecure02' onward to 'Insecure15' and then back to my good password which I never knew because yay password safe.

Paul Walker · Oct 19, 2021 · 1:42 PM UTC

Paul Walker @arafel2

19 Oct 2021

I confess I hadn’t thought of that. It’s tempting, though I fear for the SSO gubbins we use.

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Oct 19, 2021 · 2:06 PM UTC

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 · Oct 19, 2021 · 2:06 PM UTC

Daniel Silverstone 💉💉💉💉² 🏳️‍🌈🇬🇧 @dsilverstone

19 Oct 2021

Replying to @arafel2 @dickontoo

What I particuarly enjoyed was that yes, changes needed to be spaced out so their SSO etc didn't cock up. As such those 16 password changes took around 45 minutes in total. Always good to charge the client for an hour of wasted time.

Oct 19, 2021 · 2:06 PM UTC