Must not match any of the four previous passwords

>Must not match any of the four previous passwords
>Must have at least eight characters (maximum 14 characters), including two numbers and four letters
>Must have at least one lowercase letter (a-z)
>Must have at least one uppercase letter (A-Z)
>Must not have more than three repeating characters and numbers
>Must not use your login name, personal information about yourself (first name, last name, email address, etc.), or company or product names
>Must not have a number as the first character of the password
>Important: Passwords must be changed every 90 days.
And then they wonder why literally everyone has their password on a fucking sticky note on their monitor; or why their passwords are all dumb shit like kid's name and birthdate rotated around in various orders. I personally have a rotation of several strong passwords and still get fucked.

Posting this from work as I wait for my new password to sync through all of our systems - a process which could take up to an hour. Very productive use of work time.

post feet

Formatting fucked from mobile posting.

Dumbassiam1!
Dumbassiam2!
Dumbassiam3!
...
just make up one.

That's why the passwords at the place I work is just "password"

>not using keepassx2 to generate a different random 32 password for all your accounts
pleb

Blocked on work computers, plus we need to log into several different applications on a daily basis and that would be tedious as fuck.

Can't do this, because it will tell you that your password is too similar to a previously used one. I've tried something like this though.

>gee these basic security measures sure are annoying
just generate a pass and keep it in a password manager ffs

use the portable version. And what is hard? You just need to ctrl-B to copy username and ctrl-C to copy password.
It's faster than typing it and you can even use the autotype function

Read above post. Password managers are banned on work computers and because of the requirement to log into multiple work applications on a daily basis, it becomes a hassle to use a password manager if you have to open one up externally every time you need to log in.

The point is also that this is supposed to increase security, when all it does is just make most employees pick dumb passwords and put them up on a sticky note in plain sight. The layman isn't going to fucking have a password manager for work even if they were allowed.

Also fuck having a maximum character limit. Most of my passwords are 20 characters or more, and this shit stops you from using those.

And fuck "password cannot start with a number" as well. Most of my passwords start with long numerical strings. What the hell is the point of limiting character usage like this?

>it will tell you that your password is too similar to a previously used one
WTF this means they are storing the password in clear text and not hashes
W T F
T
F

So devise a better system and bring it up with your management instead of posting anime girls on Monegasque pube braiding BBS, you useless cunt.

You can still cross reference previously salted passwords for similarities if they share enough characters in common.

This isn't a small company, it's Pepsico. My email probably wouldn't even be read. I don't even know who I'd send it to.

>Pepsico stores passwords in plaintext

If anyone on Sup Forums wanted to make a fortune, now is your chance.

Sounds like you used a hash function invented by a vegetable.

>You can still cross reference previously salted passwords for similarities
How? If the passwords are being hashed (by a functional algorithm), it should only be able to detect exact matches.

I use lyrics.

Doesn't work because you can only use 14 characters MAX. Unless your song lyrics are like 3 words, the password wouldn't be accepted. Most of my passwords are over 20 characters.

Satan's password system literally forces me to dumb down my password.

>not using single sign on to automatically log you into different applications via X.509 client certificates automatically distributed to devices by Group Policy or Kerberos
shiggy diggy doo

i have to enter my password exactly once, it's my AD account password on my phone/laptop when I unlock my laptop or change my password (on mobile phone, to save). everything else is handled via SSO.

>Pepsico
lol you guys are big enough where you should be using ADFS or siteminder or similar for SSO

there's worse. there's a multibillion dollar equipment company that has the following password requirement
>letters and numbers only, no symbols. a capital letter is not required
>password must be EXACTLY eight characters
>password must start with a letter, not a number
>password synced to other systems in plaintext

also
>ID badges have no hologram and clearly display company name
>ID badges broadcast a static unique identifier via RFID - reading them once is enough to make a fake badge that will open doors

Just tried. Our applications don't allow copying and pasting of passwords.

Also, just forgot the password I made earlier. Tried to reset it and got this. Note how it doesn't say the password is the same or one that I've previously used; those have their own separate errors.

>multinational company
>VPN access is
>C# application with hardcoded password to "encrypt" the config file, no obfuscation, just disassemble, or attach a debugger
>connects to SQL DB by itself
>user auth and permissions done locally

That's not even a bad idea actually.
Especially if you pick a Japanese song, can write it in kana/kanji, and even allowed to.
That's like fucking nightmare mode.

>take a look at that site and job offers
>pepsico develops their own IDM solution based on BEA Weblogic and J2EE
>see indians posting with URLs from Pepsico on IDM and config files on public forums

lol what the fuck? why wouldn't they just license one that was properly developed?

you think a backasswards custom IDM app that can detect password "similarity" (e.g. it's storing them in plaintext) is going to support unicode input in the password field?

jeez, pepsico is anal retentive. went to their office in dallas with a dasani water from the airport and they got all pissy because "dasani is a coke brand". then they got really pissed when I told them they had a hardware resource shortage on servers.

prohibiting copy/paste of password credentials makes sense, but having tons of different logons really doesn't. the password requirement itself really isn't that bad.

>Read above post. Password managers are banned on work computers and because of the requirement to log into multiple work applications on a daily basis, it becomes a hassle to use a password manager if you have to open one up externally every time you need to log in.
if the password syncs to all the systems what's the issue here? and when you log into other systems, do you have to enter the password on that application, or do you get bounced to a single URL that's the logon server?
personally it sounds like they should be issuing X.509 client certs via group policy or kerberos so the AD password protects the laptop and all the application logons are automatic.

>The point is also that this is supposed to increase security, when all it does is just make most employees pick dumb passwords and put them up on a sticky note in plain sight. The layman isn't going to fucking have a password manager for work even if they were allowed.
if the password is more complex but there's only one to remember that's not so bad. Tastyfr!to1 would meet your password requirement fine and isn't difficult to remember.

>Also fuck having a maximum character limit. Most of my passwords are 20 characters or more, and this shit stops you from using those.
there is likely a limitation in pepsico's identity management system or another system where the password is synced to upon changes as a maximum input length

here
>>And fuck "password cannot start with a number" as well. Most of my passwords start with long numerical strings. What the hell is the point of limiting character usage like this?
this is a limitation in older softwares, including prior versions of the oracle database and some IBM software. if the limitation is there, it's because somewhere that the password is synced/used to does not support passwords beginning with a number, and they want to be able to sync the one password rather than make you create a separate different password for that system.

>Dasani
Yea, Pepsi is super anal about this. They recently lost a deal with Dunkin Donuts or something, and so we literally are not allowed to bring Dunkin products into the office despite one being across the street from us.

>Login sync
Logins do sync, but you are not automatically logged into all applications. Pepsico buys out small companies and keeps their legacy systems and applications, so if I'm doing something FritoLays related i need to log into their applications separately. On average I make about 6 different logins just to do my daily tasks, sometimes more.

>Tastyfr!to1

Correct, this is fine. The problem now comes with having to change every 90 days (understandable), not being able to use any password you used from the previous 4 (also understandable) and not using a password "too similar" to your previous ones, which is ambiguous as fuck and where we get anal and restrictive. From what I've gathered from personal tests - using the same string of 3 characters can trigger this.

So if the password is Tastyfr!to1

You cannot have a password that has "Tas" in that order anymore.

Yea, I was pretty sure the non-number thing was for legacy systems. They used to allow numbers but changed it recently.

Could you explain why they don't allow more than 14 characters? Restrictions on legacy systems as well? I think i remember learning that for some algorithms, when hashing a password any character after a certain limit isn't taken into account, so the hash for abcdefg would be the same as abc.

>Pepsico buys out small companies and keeps their legacy systems and applications
makes sense...
>so if I'm doing something FritoLays related i need to log into their applications separately
lol what the fuck? that merger happened in 1965.

>On average I make about 6 different logins just to do my daily tasks, sometimes more.
most web server apps will support kerberos or x.509 and it really is not that hard to configure SSO, SAML2 is also an option for newer stuff

>You cannot have a password that has "Tas" in that order anymore.
seems whatever system enforcing the password change is either putting the pass in plaintext or is mildly fuzzing the user's current input to see if the hash of things close to the new password is the same. if the same three start letters alone is enough, then I would be inclined to think existing passwords are stored in plaintext.
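As an added example (not from any poster in this thread), this shows what a defender can and cannot check against a properly hashed password history: exact reuse of one of the previous four, and the "fuzzing" approach the post above describes, which hashes a handful of predictable variants of the new password (a rotated trailing digit, a flipped first letter) and compares those. A check on a shared three-letter substring like "Tas" has no hash-based equivalent, which is why it implies the old passwords are recoverable in plaintext. The sample history and function names are constructed for this example.

```python
import hashlib
import os

# Constructed demo: the history holds only (salt, digest) pairs, never plaintext.
# Real deployments should use bcrypt/scrypt/argon2; PBKDF2-SHA256 from the standard
# library keeps this self-contained. Iterations are lowered for a quick demo.
ITERATIONS = 50_000

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

def make_history(passwords):
    """Build a hashed history of the last N passwords, each with its own salt."""
    history = []
    for pw in passwords:
        salt = os.urandom(16)
        history.append((salt, hash_password(pw, salt)))
    return history

def is_exact_reuse(candidate, history):
    """A hash can only answer: is this exactly one of the stored passwords?"""
    return any(hash_password(candidate, salt) == digest for salt, digest in history)

def near_variants(candidate):
    """The 'fuzzing' the post describes: enumerate predictable edits of the new
    password (Dumbassiam3! -> Dumbassiam1!, tastyfr!to1 -> Tastyfr!to1).
    Every variant has to be hashed on its own; the hash offers no shortcut."""
    bases = [candidate]
    head, tail = candidate[:-1], candidate[-1]
    if tail.isdigit():                      # rotate a trailing digit
        bases += [head + d for d in "0123456789"]
    elif len(candidate) >= 2 and candidate[-2].isdigit():
        bases += [candidate[:-2] + d + tail for d in "0123456789"]  # ...1! -> ...2!
    variants = set()
    for b in bases:
        variants.add(b)
        variants.add(b[:1].swapcase() + b[1:])   # toggle first letter's case
    variants.discard(candidate)
    return variants

def is_near_reuse(candidate, history):
    """True if any predictable variant of the candidate hashes to a history entry."""
    return any(is_exact_reuse(v, history) for v in near_variants(candidate))

if __name__ == "__main__":
    hist = make_history(["Dumbassiam1!", "Dumbassiam2!", "Tastyfr!to1", "Summer2017!"])
    print(is_exact_reuse("Dumbassiam2!", hist), is_near_reuse("Dumbassiam3!", hist))
    print(is_near_reuse("Tasmania99", hist))  # shares "Tas" but no variant matches
```

The last call is the point: "Tasmania99" shares a three-letter prefix with a stored password, yet no hash comparison can detect that, so a policy that rejects it is reading the old plaintext.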

>Could you explain why they don't allow more than 14 characters? Restrictions on legacy systems as well? I think i remember learning that for some algorithms, when hashing a password any character after a certain limit isn't taken into account, so the hash for abcdefg would be the same as abc.
it depends on the legacy software, but likely the 14 char restriction is because the password sync mechanism to legacy or legacy software itself has that limit. some legacy softwares will just cut off all input and only look at the first 14 characters, but others would reject logon for inputs of more than whatever characters they are limited to.

x.509 client certs would make a fuck of a lot more sense, assuming you're using pepsico issued hardware to log in.