This practice is not recommended anymore, yet still found in many enterprises.

  • Varyk@sh.itjust.works
    3 months ago

    really? what’s the standard for that? like how often should you be rotating your password?

    I assumed more people forget their new passwords (because I often do) and become compromised than are protected by continually rotating passwords.

    • slazer2au@lemmy.world
      3 months ago

      It’s one of the updated NIST recommendations. I don’t recall which one, but it specifically calls out no password cycling for MFA-protected accounts.