Update And/or Change Your Password

so my insurance carrier sent me an email and I bypassed that and went to the site and logged in and got told "its time to change your password!"

I also have to change my password at work every 30-60 days

why?

are hackers getting close to figuring my password and have it, "passwor,,,"
but luckily i change it from "password " to "dordssap" before they "hack" me?

why do I ever have to change my password?

 

?
oh I dont have a say? wth? i didnt know that! the darkness has lifted!!

seriously though:
I was looking for a logical rational, since I am also forced to do this at work(change passwords every 60 days) it just makes no sense to me

 

Having to change your password is to protect the company/institution/forum/etc.
Have a look at the most common passwords for 2011-2017.
https://en.wikipedia.org/wiki/List_of_the_most_common_passwords
No amount of hacking/cracking is required to access the account of these blunt pencils.

Here's another list.
http://www.passwordrandom.com/most-popular-passwords

 

Logical rational : Lets face it, most users dont give a hoot about the company or its security, we want our paycheck and then its out that door and head back to our lives, right?
They make us do this in order to protect themselves. Data is the new business currency and it needs to be guarded at all costs.
A large issue is BYOD complications on company networks.
As Eldon points out, users notoriously set weak or bad passwords, for which most brute forcing attempts would suffice, so if there is a breach, it needs to be addressed.
This is 'partly' done with a compulsory password reset, however there are many other layers of security that the average user wont know about.

There is support for the fact however, that users who are regularly prompted to reset passwords tend to set weaker pass's as a result.

 

that's what I get told and that is what makes no sense to me

my password is "Pazzword1$"

so I have my password for 59days and never have trouble logging in and the password is not written down
so on day 60, I gotta change it?
how does that protect the company?

why doesnt the same thinking apply to my house? every 60 days, i get a new lock/key made?


and thanks for the list of common passwords, how do these get hacked? I mean, if I try my password and it's wrong 3-5 times, my account gets LOCKED
so


oh, here is another issue that i dont get

My insurance company sent me a message, so my email has a message that says

You have received a message from: CIGNA

Select the link below to access your CIGNA Secure Mailbox:

so they want me to click a link in an email(NOONONON) and go to some site and log in?

I didnt do that, I went to the main site and logged in and to see "SECRURE messages" I gotta do another long form.....
I dont play that crap

I have a good meme that's funny, but I cant figure out how to get it to show since I d0nt host the meme
https://goo.gl/images/oD8xRp

 

Your house is most likely not connected to the internet.
The only danger is physical break in off the street on random selection.
Smashing a window would be easier than hacking(copying) your front door key

Lists are useful in scripted modules such as a Brute Force, or Dictionary attacks.
A malicious script can be configured to try each combination from a supplied list with blinding speed until it hits a payday.
Attack platforms such as 'Metasploit', have them built in already to supplement certain exploits.

 

You can't.
Unless you save the image and upload it.

 

Who's your email provider?
Neither Yahoo Mail nor Outlook Mail have ever asked/told me to change my password.

Why don't you ask your manager?

 

OK I'm not much of a tech guy, but it sounds like I dont worry about my house locks because its tough to break in via the lock, whilst(here's where I'm not 100% sure what you are sayin')
BUT internet passwords can hacked by many many attempts at the password with huge lists of passwords until the password is found


why not make all passwords 2 step answers.
--step 1 being a simple math problem NOT A FKN CAPTCHA
1 what is 2+4=?

step 2 being your password
2 enter password
-which only gets 3 trials before locked/time delay

 

oh we had a lapse in communication:
my health insurance carrier(CIGNA) sent me an email to my gmail account with a link saying, I had a message from them on their SECURE MAILBOX and to log in and read it
I dont click links in my email and when I logged in at cigna, too much trouble to access the secure mailbox
and also gave me a message telling me to change the password I used to log into cigna.com(I didnt change it)

gmail has never asked me to change my password and when I ask the IT guy at work, why I gotta make a new password every 30-60 days(depending on program i use) he shrugs and says, "rules man, those are the rules"

 

I don't think anyone on these forums can help you with "rules" at the company you work for.

FWIW I received an email with an attachment from Perkins Coie LLP - https://www.perkinscoie.com/en/about-us/firm/firm-overview/overview.html

The attachment was malicious.
I contacted the company and one of the directors replied back that the company's email had been hacked.
Do you get the picture?

 

I didnt think so, I just thought there was some point to the time wasting and ext ra work I"m made to do
i Keep my old and new passwords in a draft in my email, so I dont need to reset them or write them down.

 

Seriously?
It takes about 1 minute to change your password.

 

seriously
I gotta log in weekly, or lose access to 2 programs and I have a long list of old and new passwords for my program access, I cannot use any of the same OR similar passwoord from the last 6 months

It is just a pain in the butt to always be changing 2 different programs passwordsfor NO reason, except "rules" set up by the IT dept.
this is why I've just been trying to learn if there is some actual REASON for this constant nonsense...

 

possibly
but Ive gota list of old passwords and new passwords
password1-->password2-->password3-->
like the above

I am just tired of having to log in weekly and change passwords ever 60 days(yeah, ~7 imes a year, but still annoying_)
I was just trying to get some knowledge ...

 

No, only weak passwords are susceptible to any attacks i mentioned above.

Using any of these , it would take literally years, if not decades to crack a strong, healthy password that contains both letters & numbers, upper & lower case, special characters such as * # or @
But here in lies the problem, users dont set strong passwords as they think its to difficult to remember them?

You make a valid point however, which modern day IT admins should look into, which would eliminate the need for constant password changes.
Its called 2-stage authentication.
They could utilize google's 2 stage authentication app or similar.
My Bitcoin exchange use it, and so far it has worked very well.

Majorgeeks use this security layer for forum logins because it makes perfect sense......we are not prompted on here to change our passwords, because 2 stage seems to take care of lazy pass setters by adding another security layer!

Good luck, and suggest this to your IT Dept.

 

I must be missing something here. I fire up Firefox or Edge, click my MG Software or whichever bookmark and get asked for my username and password and that's it, I'm in. Where is this second layer you are talking about?

 

On the Forums' Homepage, point on your name, then on the right of the drop-down menu you'll see Two-Step Verification.

 

Never noticed it before and I would bet I'm by no means alone. Can't see how that can be effective.

 

Basically if you have it enabled, the first stage is your username and password as per normal, however once you hit enter your still not in, your prompted to enter a code to gain access.
This code is sent by the server to your email addy you used to sign up with, so access the mail, enter the code given and bangamooza epiderios......you just passed the second stage.

Your supposed to be an Interplanetary Geek, lol

 

Yeah, I use two stage on LastPass. Guess I just don't get why it might be advisable on a public forum.

I'd better let the admins know I'm retired now.

 

If some punk kid suckin on a lolly-pop manages to hack your password creds, he's still got no hope of logging in under your nic (unless he also has access to your email)
Im pretty sure this is how MG's fixed the vuln back in 2014/15 that Wile was referring too in another thread, but im not sure, no doubt there is more to it!

The most dangerous people on earth today are 15 yo's with an internet connection

 

Yes, we use strong passwords
uppper and lowercase,
"special character"
numbers

exactly as you said, yet we are forced to make new passwords every 60-90 days,, beats me
gmail never asks me to make a new password. not my online bank

 

Thats true, but for this theory to work all user passwords across the network must be strong.

The weak point will be the user with 'john1234', and if john can be comprimised, then the rest of the whole entire network is fair game!
Most large company networks today use network logins, rather than passwords being stored locally.
This is more secure, and also allows IT more control over users, but yes i agree.....its a 90's mentality.
There are better ways today.

 

now you see why suggesting anything to "my" IT guy is useless.....you can't understand stupidity

 

Your IT guy is just covering his @$$.
The company CEO, while playing golf, heard from another company CEO that they have never had an email breach/hack/etc. because their employees are required to change their passwords every 30-60 days.
And the next day... CEO (the first @$$hole who knows zero about internet security) ordered all managers to implement this great security measure.

 

I stand corrected!

 

Avast has warned me about MG having been hacked and list of users passwords and email addresses being dumped in the dark web.

That probably explains why I started getting occasionally emails (into the email account I'm using here) since 2019, threatening to lock my computer if I didn't cough up a the price of a meal - in crypto perhaps also because of the assumption that I'm a geek and so must have adopted this new-fangled system.

The criminal knew quite a bit of my personal info, including a few passwords which was worrying (I never use the same one in different websites) but luckily nothing happened even though I didn't pay.

The recommendation is obviously to change my password, but I cannot find where to do it in my account?

 

I found it, so sorted now.

 

You are probably right.

Sorry, I've had problems with my laptop: Windows got corrupted and hardware everything has been slowing down, not sure if it really has anything with my machine being over 10 years old as my son claims.
Anyway, he managed to restore my keyboard this weekend, at least (alas, it didn't improve the accuracy of my typing) but I still have some niggles with the display. Can't resize the desktop icons because the "view" option is gone. It's annoying, the edges feel jagged and fuzzy, but I can get used to it, I suppose.