You are viewing a single thread.
View all comments View context
5 points

> And despite security recommendations, too many IT depts still force password resets every 90 days…

It could be for contractual or for insurance reasons. We have some contracts with government agencies that require it, and our cyberinsurance also does. Even though NIST has been recommending for years to do long passphrase + MFA and no reset unless you suspect compromise.

So yeah, the reason behind this might not be just plain incompetence.

permalink
report
parent
reply
1 point

Doesn’t that just mean it’s the government agencies and insurance that are incompetent?

permalink
report
parent
reply

Memes

!memes@lemmy.ml

Create post

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

Community stats

  • 8.9K

    Monthly active users

  • 12K

    Posts

  • 264K

    Comments