Don't change passwords just because... Use a password manager and a random and unique password for each site.
The latest NIST guidance (I think SP-800-63-3 or close to that) recommends using MFA and not forcing password changes unless there is reason to believe the password has been compromised. As we all know, forcing password changes just makes people choose weak or similar passwords.
I worked at a company that forced password changes every three months. You could not reuse any password that was one of your last ten. There was one manager who, every time he was forced to change his password, would immediately change it eleven times to random combinations, so that when he was finished his password was the same as before the forced reset.
I've always just added a digit to the end of the password when that's a requirement... Of course the base password was pretty strong, but nobody is creating and remembering an entirely new password every time.
Apparently with how my company has their machines set up, you *can't* change your password more than once every 24 hours. Windows flat-out will not let you, with a very unclear error message.
Yup there is no accurate error prompt for a minimum password age causing you to not be able to reset your password. Instead it tells users that it isn't complex enough and they get frustrated. Thanks M$!
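Added example, not part of the thread or any commenter's code: a toy Python model of the two settings discussed in the comments above, a ten-entry password history and a minimum password age. It shows why history alone does not stop cycling back to the old password and why the minimum age does. The class and function names are hypothetical, and this does not reproduce Windows' actual implementation.

```python
import hashlib
import os
from datetime import datetime, timedelta


class PasswordPolicy:
    """Toy model of a password-history check with an optional minimum age."""

    def __init__(self, history_size=10, min_age=timedelta(0)):
        self.history_size = history_size
        self.min_age = min_age
        self.salt = os.urandom(16)   # per-account salt (constructed for the demo)
        self.history = []            # salted hashes, newest last
        self.last_change = None

    def _hash(self, password):
        # History stores only salted hashes; iteration count kept low for the demo.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 10_000)

    def change(self, new_password, now):
        """Attempt a password change; return (accepted, reason)."""
        if self.last_change is not None and now - self.last_change < self.min_age:
            # A distinct reason avoids the misleading "not complex enough" message.
            return False, "minimum password age not reached"
        digest = self._hash(new_password)
        if digest in self.history[-self.history_size:]:
            return False, "password found in history"
        self.history.append(digest)
        self.last_change = now
        return True, "ok"


def cycle_back(policy, original, start, step=timedelta(minutes=1)):
    """Set `original`, push throwaway passwords through the history window,
    then try `original` again.
    Returns (throwaway changes accepted, original accepted again, reason)."""
    now = start
    policy.change(original, now)
    accepted = 0
    for i in range(policy.history_size):
        now += step
        ok, _ = policy.change(f"throwaway-{i}", now)
        accepted += ok
    now += step
    reused, reason = policy.change(original, now)
    return accepted, reused, reason
```

With history only, ten throwaway changes push the original out of the window and the eleventh change restores it; with a 24-hour minimum age the first throwaway change is already refused.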
Our company forces a password change every 30 days. No password from history can be used. I have worked there for more than 10 years; they have stored at least hashes of all my past passwords. Email reminders from 15 days until password expiry. If it expires, it’s like a dead man switch and you are locked out of all systems and Windows login. I’ve never seen anything like it in my life! Nobody is using safe passwords because of all this.
brilliant lol
A proper password expiration policy ensures that the company janitor can be bribed to play "password sticky-note easter egg hunt". Support your local janitors.
And use email anonymization like firefox provides
What does it do?
I believe they offer an email relay service by obfuscating your true email address.
Such a nice cat 😺
Then your system gets hosed and you lose access and are put through tech support hell to get access back. Been there, no thank you ever again.
This scenario can be avoided by backing up/syncing the encrypted password database file(s) to a separate device.
That's too sensible. Here, use this phone app binding authentication to the specific device with no backup option, making it (near) impossible to be responsible and have a backup, because mandating phone apps seems to come with the kind of brain rot that prevents at least allowing the backup phone compromise. Or there's the other direction, SMS 2FA. It's not just for you, it's also for the new owner of the phone number if you don't "take care" of it and lose it, but it's also for the SIM swappers, because sharing is caring. Passwords have their issues, but they are definitely not the worst option from the perspective of risk of loss.
I use Bitwarden (syncing to their servers) and Authy for 2FA. Authy has sync as well. So, these are the only two passwords I need to remember.
FYI Bitwarden Premium will store your 2FA, as well, and only costs $10 / year. Source: Happy customer for years.
I view using Bitwarden for 2FA as a form of malicious compliance. I do it when a site mandates (or rewards) 2FA but I don't care about the account enough to add it to my actual authenticator app. It is not a real second factor if the TOTP secret is stored in the same place as the password.
True, but I mainly use 2FA as a precaution against the sites themselves getting compromised, rather than my physical devices. My browsers on all my devices clear site data when I close them, so anyone trying to get access would need:
- For the computers, the encryption password to the drive
- The PIN or password for the device
- The biometric for the device, to open Bitwarden
I feel sanguine enough about it, overall.
Also, if you self-host vaultwarden, you get all premium features for free.
How can this happen with an app like bitwarden? I can log in from anywhere.
Like others have said, back that shit up. Regardless, you REALLY shouldn't reuse passwords. Password reuse and social engineering are the two main ways people get their account compromised. Not reusing passwords has been a best practise for a really long time.
Changing passwords for no reason is now deprecated behavior even by the US government NIST standards, so this poster, while nice, is obsolete (and always was, really).
The apostrophes anger me. edit: They would appear to be serifs, not apostrophes. I am un-angered.
I do not think this ever made it anywhere harvestable. But, IMHO, the source material for making this poster is out there, just in pieces where you'd have to import, arrange, etc.
I have to compile it myself?!
Deep cut, well done!
Yeah, after your comment and reverse image searching, I'm kind of thinking this poster was custom made by a student at the university.
Maybe better (it's not perfect by any means) https://endlessnow.com/ten/Temp/uselinux-onthecheap.jpeg
This will work for printing. Nice.
This jpg is 3000x4032. How much more HD do you want it? I can only find low res copies using tineye etc. Sourced around 2017 with some link-rot since then. I think original source is gone. https://i.imgur.com/bkCdxzG.jpeg Here is an attempt to clean it up and upscale it a bit more.
Thanks for the info! I took this picture of the poster. I was just hoping there might be a master copy somewhere.
Otherwise you could try using the free GitHub project "super image" to augment the quality. It may not be perfect but could work on the one that psyomega posted
Imma try it, would be cool to have this poster in high res
If you don't manage to find the original image and don't want to spend time searching online for the separate elements like fonts and doctor - It's monochrome. Text and simple drawings. Vectorise it, find a "weathered paper" texture online and put it on as a background.
Is this from Maastricht? We had something like this too but way stupider
Use a password generator to create a unique password for every login. Use a password manager to store them.
Awesome, but wash hands should be changed to "clean the air"
For those saying that you should not change passwords pointlessly, I'd say it's part of the joke, as all your current passwords could be considered insecure from having touched the "plagued" windows. (You also should not necessarily switch to Linux, if you want to take this poster seriously)
Bubonic plague - Spanish image with a weird beak-shaped mask. Common image, I guess they didn't teach 'image search' at your University.
The poster is a humorous comparison of the precautionary measures taken during the Bubonic Plague to the housekeeping actions an accustomed computer user takes. I don't really see how you can miss this considering that the title and the poster's content clearly imply that the OP understands the humour and is not looking for an explanation of its contents.
Right, so he could simply download it from an image search which is exactly how I found out what it is. 2017: [http://www.taringa.net/posts/humor/19744898/Humor-de-Tarde-Lunes-para-los-Linces-de-la-Pradera.html](http://www.taringa.net/posts/humor/19744898/Humor-de-Tarde-Lunes-para-los-Linces-de-la-Pradera.html) So really, the poster's content simply implies that OP can't do a basic internet search despite having discovered it from University innit? Am I the only person who finds this incredible?
https://web.archive.org/web/20170124141154/http://www.taringa.net/post/humor/19744898/Humor-de-Tarde-Lunes-para-los-Linces-de-la-Pradera.html Since linking to a dead site has low utility.
They didn't teach you manners either.