
462 points JumpCrisscross | 7 comments
sirnonw ◴[] No.45078160[source]
Funny how there is a post-it with a password glued to the screen of the computer in the lede image, now in plain sight for thousands of readers.
replies(8): >>45078197 #>>45078255 #>>45078281 #>>45078369 #>>45078562 #>>45078571 #>>45078637 #>>45082736 #
1. ashton314 ◴[] No.45078197[source]
Looks like there's a year at the end; might be to facilitate suckurity requirements such as yearly password rotation.
replies(1): >>45078362 #
2. ronsor ◴[] No.45078362[source]
Some places do 3 months! It's amazing.
replies(3): >>45078494 #>>45079442 #>>45079964 #
3. mystraline ◴[] No.45078494[source]
PasswordAugust2025!
4. Izkata ◴[] No.45079442[source]
I keep a list of every time I change one of my work passwords with the date it would have expired, and it seems to fluctuate between 2.5 and 3.5 months with little consistency. Some of us used to have it locked so we didn't need to keep changing it, but they reenabled it some time ago and we got confirmation it was for some sort of external security requirements.
5. bongodongobob ◴[] No.45079964[source]
That was best practice until maybe 10 years ago. Point the people in charge of that to the NIST standards.
replies(1): >>45081664 #
6. hdgvhicv ◴[] No.45081664{3}[source]
I hear cyber insurance companies (ransomware cover, etc.) still require outdated standards.
replies(1): >>45086587 #
7. bongodongobob ◴[] No.45086587{4}[source]
People think cyber insurance requirements are hard rules, but they aren't. For the most part, you just need to show effort, as it's completely impossible to be 100% compliant with all standards. For example, if you weren't rotating passwords but had proper MFA on your accounts, you're fine. Hell, they even have conflicting standards sometimes. I've been through this multiple times when I worked at an MSP. For the most part, leadership just pushes to meet those standards to CYA, which makes sense, but as long as you don't demonstrate gross negligence, they'll pay out.
People think cyber insurance requirements are hard rules, but they aren't. For the most part, you just need to show effort as it's completely impossible to be 100% compliant with all standards. For example, if you weren't rotating passwords but had proper MFA on your accounts, you're fine. Hell they even have conflicting standards sometimes. I've been through this multiple times when I worked at an MSP. For the most part, leadership just pushes to meet those standards to cya, which makes sense, but as long as you don't demonstrate gross negligence, they'll pay out.