Hacker News new | past | comments | ask | show | jobs | submit login

If you're really hellbent on it, you can probably tell the IT department they are full of shit and ask for the citation to the state code number - I am no state code scholar, but I have never heard of anything like this. In the NW States I am familiar with I could not find a single code section that even remotely touched on passwords at state schools. It would be an odd thing to legislate. Some states are goofy though.



I work in the public sector in Denmark. Here three months is required by law.

It's caused our most common passwords to be things like Summer17 and half the employees that actually use what they think are hard random passwords end up writing them down.

If you look under the keyboard if 100 workstations you'll probably find 10 passwords on post-its.

It makes little sense too because if we're compromising for 3 months we're probably going to be just as fucked as if we were compromised for 4.

The best policy we have is locking people out after 3 wrong attempts.


Just checked, by a little bit of googling, I did find it in a gov document.


Care to share? Curious minds want to know :-)


I stand corrected. And intrigued that a state saw fit to make a law about that.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: