When you force users to change password every 90 days, but also don’t use anything like a password filter DLL or more modern solution to block obvious seasonal patterns, folks do this.
Honestly I really struggle with this. I use a password manager and 2FA for everything I possibly can with completely random passwords.
But on my work machine for first logging into the OS, what can you do? I have a handful of randomly generated passwords from high school memorized so I usually rotate a combination of those, but I don’t love that either.
When you force users to change password every 90 days, but also don’t use anything like a password filter DLL or more modern solution to block obvious seasonal patterns, folks do this.
Honestly I really struggle with this. I use a password manager and 2FA for everything I possibly can with completely random passwords.
But on my work machine for first logging into the OS, what can you do? I have a handful of randomly generated passwords from high school memorized so I usually rotate a combination of those, but I don’t love that either.