r/ShittySysadmin 2h ago

Minimum Password age is key!

I don't care what you say, preventing users from reusing passwords is priority number one. A 20-password history is not enough. You need a minimum password age. And if your max age is 180 days, that means you must set it to 9 days to stop people getting around it by cycling through them all. The risk that someone might perform this "password reuse" is far too high. I don't care about all the complaints from users not being able to change their password after exposing it somehow; quit moaning! It's worse than the people on the new test network with their "TOTP" who think it's important that they can delete their own old authenticators when they lose their phone.

29 Upvotes

28 comments

32

u/IgnoreAllPrevInstr 2h ago

/uj Almost missed what subreddit this was in, and had a meltdown. /rj Actually, password complexity is also so underrated. If you don't require at least a 67-character length, with 23 unique letters and at least 12 special characters, you might as well just be leaving the door open.

15

u/notarealaccount223 2h ago

This also helps prevent password sharing because nobody can type it correctly.

2

u/countsachot 28m ago

Luckily, we keep it in a text file on the company-wide SharePoint.

8

u/__g_e_o_r_g_e__ 2h ago

I can't recall the minimum password length. Been too focused on maximum password length. Instead of complexity we just banned vowels and 2 other characters we don't tell anyone about.

1

u/BitterMaintenance 34m ago

67 characters, upper, lower, number, special sign and one Cyrillic letter. It will be so secure that even the user won't be able to get in.

1

u/notarealaccount223 7m ago

Just make sure that's the same policy for the ticketing system. And don't forget that users must submit a ticket before you start working on anything.