this post was submitted on 02 May 2025
24 points (100.0% liked)

Pulse of Truth

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.


35% of Gen Z said they never or rarely update passwords after a data breach affecting one of their accounts, according to Bitwarden. Only 10% reported always updating compromised passwords. 38% of Gen Z and 31% of Millennials only change a single character or simply recycle an existing password. 79% of Gen Z admit password reuse is risky, yet 59% recycle an existing password when updating accounts with companies that disclose data breaches. 55% of … More → The post People know password reuse is risky but keep doing it anyway appeared first on Help Net Security.

top 9 comments
[–] AbsolutelyNotAVelociraptor@sh.itjust.works 11 points 14 hours ago (2 children)

Sometimes there are policies that made this almost forced. Case in point: the company I work for forces you to change password every 60 days max. They don't allow the use of password managers and you can't use the last 5 passwords. So what do people do? Just go with a simple word and change one number each time. Like "velociraptor1" then "velociraptor2" and so on.

I use passphrases which let me remember them easily while offering protection but it's so stupid that they do it this way.

[–] fluckx@lemmy.world 4 points 10 hours ago

Change your password 5 times and you can keep the same password.

  • hackerman
[–] Ok_imagination@lemmy.world 3 points 13 hours ago (1 children)

Kinda odd you can't use password managers either. How archaic it sounds

I have continuous fights with my IT dept. I work for OT, so my day is behind a computer doing technical stuff with machines and other computers, so although I'm no expert in cybersecurity, I know the basics about it and about privacy.

It's an everyday war with them for every single thing I try to do. The best one I remember was when I tried to install Firefox because I didn't want to use Chrome or Edge. They blocked traffic from Firefox through the company's firewall. I called the IT to explain that I wanted to use Firefox because I want to use uBlock and other privacy-related extensions to block tracking, redirect, phishing and other harmful things and I think their response caused me to facepalm in a way I never thought it was possible: they told me that if I wanted privacy, I should use Chrome's incognito mode.

[–] nightwatch_admin@feddit.nl 4 points 14 hours ago (1 children)

Of course, the passwords required today are impossible to remember. Unwieldy long and complex, while they aren’t the strongest defense layer anyway anymore. Session cookie theft, base64 encoded passwords, CSRF, malvertising and good social engineering - but few of these are on the users’ side. Despite their final godawful implementation, passkeys are way better than passwords, and it’s good to see companies like Apple and Microsoft offer them to users in usable ways.

[–] jmcs@discuss.tchncs.de 8 points 14 hours ago (1 children)

And that's why we have password managers.

[–] nightwatch_admin@feddit.nl 1 points 7 hours ago

And you log on to your password manager with a.. password maybe? Yes, password managers are quite an enhancement but it doesn’t change that passwords are a bad solution.

[–] kooks_only@lemmy.ca 2 points 14 hours ago

Yeah I do the same. Want me to make a secure password? Let me do 100 characters including spaces without capitalization, numbers or symbols. Let me pick 10 random words and use that as a password.

Can’t wait for passkeys to be commonplace.

[–] JayGray91@piefed.social 2 points 8 hours ago* (last edited 8 hours ago)

I'm coming around to passkeys as I learn and understand the what and how

Absent that, I've already come around to passphrases, because in a situation where I can't use the autofill of my password manager – still more common than I thought – I can remember phrases short term a lot easier than a vomit of characters as I read from my password manager.

Then somehow you encounter a site or something that still has stupid password rules
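
An added example, not part of the thread or of any commenter's post: a sketch of a password-change check showing why the "last 5 passwords" history rule described in the first comment accepts "velociraptor6", and how comparing the new password with the current one (typed on the same change form) catches the single-character changes the survey mentions. All function names, the edit threshold and the sample passwords are assumptions made for illustration.

```python
import hashlib, hmac, os, re

def _hash(password: str, salt: bytes) -> bytes:
    # Iteration count kept low so the demo runs fast; use a tuned KDF in production.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def make_entry(password: str) -> tuple[bytes, bytes]:
    salt = os.urandom(16)
    return salt, _hash(password, salt)

def in_history(new: str, history: list[tuple[bytes, bytes]]) -> bool:
    # Exact-match check against stored salted hashes (the "last 5" rule).
    return any(hmac.compare_digest(_hash(new, s), h) for s, h in history)

def edit_distance(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def _base(p: str) -> str:
    # Strip the trailing digit/symbol run that gets bumped on each rotation.
    return re.sub(r"[\d\W_]+$", "", p.casefold())

def is_near_duplicate(current: str, new: str, max_edits: int = 2) -> bool:
    # Only the current password is available in plaintext (the user types it
    # on the change form); older passwords exist only as hashes.
    base = _base(current)
    return (base != "" and base == _base(new)) or edit_distance(current, new) <= max_edits

def check_change(current: str, new: str, history) -> str:
    if in_history(new, history):
        return "reject: reused"
    if is_near_duplicate(current, new):
        return "reject: near-duplicate"
    return "accept"

# Constructed sample data: five rotations of the pattern from the first comment.
HISTORY = [make_entry(f"velociraptor{i}") for i in range(1, 6)]
```

The history rule alone passes "velociraptor6" because its hash matches none of the stored ones; only the comparison with the current password flags it.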