Do your helpdesk/admins have "Reset Password" rights to their own accounts? Audit to make sure they're not resetting to keep same password.
Replying to @SwiftOnSecurity
I found an AD admin who reset his domain password every 90 days so he didn't have to change it. I'm still working on fixing this loophole.
32 replies 34 retweets 73 likes
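One way to run the audit from the first tweet, as an added example that is not part of the thread: a password reset is logged on a domain controller as Security event 4724 (an ordinary change is 4723), so a 4724 whose subject SID equals its target SID is an account resetting its own password. The function name, the sample builder, and the sample accounts and SIDs are constructed for illustration, and the events are only logged when "Audit User Account Management" is enabled.

```powershell
# Added example, not from the thread. Flags Security event 4724 (password reset)
# where the account performing the reset is also the account being reset.
function Find-SelfPasswordReset {
    [CmdletBinding()]
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $evt = ([xml]$EventXml).DocumentElement
        $sys = $evt['System']
        if ($sys['EventID'].InnerText -ne '4724') { return }   # ignore 4723 and others
        $f = @{}
        foreach ($d in $evt.GetElementsByTagName('Data')) {
            $f[$d.GetAttribute('Name')] = $d.InnerText
        }
        # Compare SIDs, not names: names can be renamed or differ in case.
        if ($f['SubjectUserSid'] -and $f['SubjectUserSid'] -eq $f['TargetSid']) {
            [pscustomobject]@{
                TimeCreated = $sys['TimeCreated'].GetAttribute('SystemTime')
                Account     = '{0}\{1}' -f $f['TargetDomainName'], $f['TargetUserName']
                Sid         = $f['TargetSid']
            }
        }
    }
}

# Constructed sample events (made-up names and SIDs), shaped like Security log XML.
function New-SampleEvent([int]$Id, [string]$Time, [string]$Subject, [string]$SubjectRid, [string]$Target, [string]$TargetRid) {
    $dom = 'S-1-5-21-1111111111-2222222222-3333333333'
@"
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>$Id</EventID><TimeCreated SystemTime="$Time"/></System>
  <EventData>
    <Data Name="TargetUserName">$Target</Data>
    <Data Name="TargetDomainName">CORP</Data>
    <Data Name="TargetSid">$dom-$TargetRid</Data>
    <Data Name="SubjectUserSid">$dom-$SubjectRid</Data>
    <Data Name="SubjectUserName">$Subject</Data>
  </EventData>
</Event>
"@
}

$samples = @(
    New-SampleEvent 4724 '2016-06-22T09:00:00Z' 'adm.alice' 1105 'adm.alice' 1105  # admin resets own password
    New-SampleEvent 4724 '2016-06-22T09:05:00Z' 'hd.bob' 1106 'jdoe' 1200          # normal helpdesk reset
    New-SampleEvent 4723 '2016-06-22T09:10:00Z' 'jdoe' 1200 'jdoe' 1200            # ordinary password change
)
$samples | Find-SelfPasswordReset
# Live use on a domain controller:
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4724} | ForEach-Object { $_.ToXml() } | Find-SelfPasswordReset
```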
Replying to @SwiftOnSecurity
Hasn't the idea that you should periodically change passwords been debunked already? *sigh*
9:43 AM - 22 Jun 2016
0 replies 0 retweets 2 likes