[kwlug-disc] User passwords - How NOT to do it

Georges R bcz.itmatters at gmail.com
Tue Jun 19 21:24:35 EDT 2018


I did work for an auto-auction company for a few years after my retirement.
They had a policy of assigning a new employee a certain
password and then requiring a change in user password every month.

And, yes, the initial user password assigned to each new employee was
Password1.

So, quite naturally, most employees changed next to Password2, then to
Password3 and so on. So, I did know, and was sometimes offered, a
team-mate's password. To my knowledge a data breach was never announced,
but what a useless system. And, yes, there was a nine-character limit so
it was possible to guess almost any user's password with only ten attempts.

Definitely NOT the way to go.

Quite needless to say, I did not follow that practice - yet most of my
passwords used there did contain my birth year, M93ix, in some position
or another within differing passwords.

George