Do they put a maximum on how many times you can change your password? If not, yo... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		MereInterest on Dec 14, 2016 \| parent \| context \| favorite \| on: New NIST password guidelines: don't require charac... Do they put a maximum on how many times you can change your password? If not, you could just cycle through 13 passwords in 5 minutes, then switch back to your original password.

mlnhd on Dec 14, 2016 [–]

I wrote a PowerShell script that does exactly this for Windows Domains.

http://pastebin.com/raw/ytwy0nCB

Jaruzel on Dec 23, 2016 | [–]

In AD there is a MinPasswordAge policy that is typically set to 1 day to thwart exactly this type of work-around.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact