From: John Ames
Newsgroups: comp.os.linux.misc
Subject: Re: Ken Thompson Recalls Unix’s Rowdy, Lock-Picking Origins
Date: Thu, 30 Oct 2025 08:12:32 -0700
Message-ID: <20251030081232.00001577@gmail.com>
References: <10drbgs$2ef5e$1@dont-email.me> <10ds2lb$2l3kk$1@dont-email.me>

On 30 Oct 2025 03:00:58 GMT
rbowman wrote:

> As the years went by it became harder and harder to do stuff and you
> had to change your password every three months. I'd had the same one
> for 21 years so that was a PITA. 2FA, Windows Authenticator, all that
> shit.

At my previous job, we had Best Practices (bow, scrape, chant liturgy)
requiring us to change our passwords every ninety gorram days. After my
first couple months on the job, it dawned on me that *A.* we didn't
have a dedicated sysadmin minding the store, *B.* all of us techs had
access to the domain admin credentials since stuff needed to get done,
and *C.* password expiry is a per-account flag in WinNT and wasn't even
being enforced by Group Policy (which could still have been exempted.)
Needless to say, word quickly got around, and after that the only
people who had to reset their passwords were our CEO and accountant.

(I bought a little Android netbook for 2FA purposes when Management
wouldn't budge on that during the hiring process. Never ended up using
it, as I just installed WinAuth on my workstation.)