Back to the saltmine, where all my passwords have expired

It's back to the saltmine (and in this case, “saltmine” is the name of the Corporate-issued laptop, not to be confused with the Corporate Overlords' managed laptop [1], named “Satan [2]”). I check my email only to find half a dozen emails from last week (which nearly everyone at The Corporation had off, including me) saying my password for the Corporate network was expiring and I should change it. I also found half a dozen emails from last week (which nearly everyone at The Overlords' Corporation had off, including me) saying my password for the Corporate Overlords' network was expiring and I should change it (yes, there are two different networks for hysterical reasons). And of course, the two different networks have different password rotation lengths that are timed such that they both expire during vacations [3]. And yet, no matter how many times I point out NIST (National Institute of Standards and Technology) Special Publication 800-63b, section 5.1.1.2, which states [4]: “Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically),” these stupid password expirations keep happening. I guess I'll have to wait for another few CSOs (Chief Security Officers) to rotate through the office before we can finally stop the “Password Changing Dance.”

Sigh.

[1] /boston/2019/08/22.1

[2] /boston/2021/12/16.2

[3] /boston/2015/07/15.3

[4] https://pages.nist.gov/800-63-3/sp800-63b.html#-5112-memorized-secret-verifiers
