Comments

This profile is from a federated server and may be incomplete. Browse more on the original instance.

xubu, to asklemmy in Tech workers - what did your IT Security team do that made your life hell and had no practical benefit?

I’m in IT security and I’m fighting this battle. I want to lessen the burden of passwords and arbitrary rotation is terrible.

I’ve ran into a number of issues at my company that would give me the approval to reduce the frequency of expired passwords

  • the company gets asked this question by other customers “do you have a password policy for your staff?” (that somehow includes an expiration frequency).
  • on-prem AD password complexity has some nice parts built in vs some terrible parts with no granularity. It’s a single check box in gpo that does way too much stuff. I’m also not going to write a custom password policy because I don’t have the skill set to do it correctly when we’re talking about AD, that’s nightmare inducing. (Looking at specops to help and already using Azure AD password protection in passive mode)
  • I think management is worried that a phishing event happens on a person with a static password and then unfairly conflating that to my argument of “can we just do two things: increase password length by 2 and decrease expiration frequency by 30 days”

At the end of the day, some of us in IT security want to do the right things based in common sense but we get stymied by management decisions and precedence. Hell, I’ve brought NIST 800-63B documentation with me to check every reason why they wouldn’t budge. It’s just ingrained in them - meanwhile you look at the number of tickets for password help and password sharing violations that get reported … /Sigh

  • All
  • Subscribed
  • Moderated
  • Favorites
  • localhost
  • All magazines
  • 200 @ user_comments
    HTTP status 200 OK
    Route name user_comments
    Has session yes
    Stateless Check no
    Time 771 ms
    Total time 771 ms
    Initialization time 208 ms
    Memory 12.0 MiB
    Peak memory usage 12.0 MiB
    PHP memory limit 128 MiB
    Logger 86
    Errors 0
    Warnings 0
    Deprecations 86
    Cache 30 in 125.85 ms
    Cache Calls 30
    Total time 125.85 ms
    Cache hits 27 / 38 (71.05%)
    Cache writes 7
    2
    Default locale en
    Missing messages 2
    Fallback messages 0
    Defined messages 127
    Security n/a
    Authenticated No
    Firewall name main
    Twig 358 ms
    Render Time 358 ms
    Template Calls 63
    Block Calls 16
    Macro Calls 0
    39 in 121 ms
    settings_row_switch 15
    user_settings_row_switch 4
    date 2
    settings_row_enum 2
    entry_comment 1
    user_inline 1
    date_edited 1
    magazine_inline 1
    entry_inline 1
    user_avatar 1
    vote 1
    boost 1
    user_actions 1
    related_magazines 1
    active_users 1
    related_categories 1
    related_posts 1
    related_entries 1
    support_us_block 1
    featured_magazines 1
    18 in 105.73 ms
    Database Queries 18
    Different statements 16
    Query time 105.73 ms
    Invalid entities 0
    Cache hits 19
    Cache misses 1
    Cache puts 2
    6.4.0
    Profiler token 263a99
    Environment dev
    Debug enabled
    PHP version 8.2.26   View phpinfo()
    PHP Extensions Xdebug ✗ APCu ✓ OPcache ✓
    PHP SAPI apache2handler