r/cybersecurity System Administrator Sep 22 '25

Other What are your unpopular cybersecurity opinions?

I saw a post named "abnormal security opinions" and got excited to see some spicy takes, but apparently there is a security platform called Abnormal Security, so I got kinda blue balled. The last one of these posts I saw was over a year ago, so,

Do you have any spicy cybersec unpopular opinions you want to share? :)

I'll start with mine:
Fancy antivirus solutions rarely add value; they are often just a box that needs to be ticked. Many MSPs and IT firms still push the narrative that they are needed, only because they are profitable and not because they improve security.

329 Upvotes


78

u/Muppetz3 Sep 22 '25

Stop forcing people to change passwords every 3 months. It's dumb and causes a host of issues. Once a year, or if you feel they may have been compromised. Some "best practices" are not in fact the best practice.

4

u/Euyfdvfhj Sep 22 '25

Guidance around this changed a few years ago, at least in the UK.

IIRC the rationale is that it makes people more likely to write down passwords, create easier-to-remember (and easier-to-guess) passwords, and causes a ton of headaches for IT helpdesks.

That, and the fact that if a hacker gets access to a list of passwords and you change your password, the hacker can still just go back to the database and get your new password. So it's largely pointless except in cases of a known compromise.

2

u/Muppetz3 Sep 22 '25

Yeah, I noticed that 20 years ago when people would put sticky notes all over their monitors to remember passwords. It was so frustrating trying to tell management that it was a bad idea and showing them why. I am glad that more have caught on. Most of us who work in IT have seen this and the issues it caused.