This practice is not recommended anymore, yet still found in many enterprises.

  • GreyEyedGhost
    link
    fedilink
    arrow-up
    7
    ·
    4 months ago

    My company changed the policy to increase the time between password changes. To compensate, they increased the required password length.

    Neither of these policy changes were communicated to the employees. The expiry time tells you when it arrives (don’t tell me you change it before it expires, good for you if you do), but if your new password doesn’t meet the policy requirements it doesn’t tell you what they are. The support request response indicated the minimum length was three letters longer. The only good thing about this ordeal is that I get paid by the hour.