This practice is not recommended anymore, yet still found in many enterprises.

  • Varyk@sh.itjust.works
    link
    fedilink
    arrow-up
    23
    ·
    edit-2
    2 months ago

    oh i didn’t know that, are companies finally realizing that creating and trying to remember new passwords causes more trouble then keeping one really good password?

    • slazer2au@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      arrow-down
      5
      ·
      2 months ago

      Only on accounts that have MFA is password rotation no longer recommended.

      If the account is non MFA protected password changes are still recommend.

      • Varyk@sh.itjust.works
        link
        fedilink
        arrow-up
        6
        arrow-down
        1
        ·
        edit-2
        2 months ago

        really? what’s the standard for that? like how often should you be rotating your password?

        I assumed many people forget their new passwords (because I often do) and become compromised than are protected by continually rotating passwords.

        • slazer2au@lemmy.world
          link
          fedilink
          English
          arrow-up
          3
          arrow-down
          1
          ·
          2 months ago

          It’s one of the updated NIST recommendations, I don’t recall which one but it specifically calls out no password cycling for MFA protected accounts.