This practice is not recommended anymore, yet still found in many enterprises.

  • slazer2au@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    arrow-down
    1
    ·
    3 months ago

    It’s one of the updated NIST recommendations, I don’t recall which one but it specifically calls out no password cycling for MFA protected accounts.