On Wed, 2022-07-27 at 08:22 +0930, Tim via users wrote: > On Mon, 2022-07-25 at 18:50 -0700, Samuel Sieb wrote: > > there's no point in expiring the password to an account > > you're using yourself... > > I see no point in ever expiring any password, unless you're auto- > locking out sacked employees because you're too incompetent to do the > job properly when they get sacked. > > Making people pick new passwords means they're going to write them > down > so they don't forget them, or keep forgetting them and ask for admin > help, or pick stupidly simple ones. If the account has been hacked, > changing the password is too late. If it hasn't beeen hacked, > there's > no point. The next password someone picks might be guessed > immediately > just by pure chance just as easily as the existing password. > > It's just one of those exercises in manifest stupidity and > bureaucracy > for the sake of it. Oooh, ooh, it's possible for us to make a rule > about resetting passwords, so we will.
These "rules" were formulated in the Olden Days, when people had at most one or two logins to mainframes, not dozens or more logins to random websites. They are still enforced mainly by banks, to my eternal frustration. Those same banks won't let me use my password manager to create a genuinely random password and remember it for me. poc _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
