It's not hard to figure it out: 1) What do frequent password changes actually protect you from?
2) What will users do to minimize the inconvenience of having to memorize new passwords too often?
or has auditors who aren't up with recent practice, or tied to dated security accreditations.
True enough. But that means that the auditors can't be trusted, either. It's a fine miner's canary for bad audits.
@Brian_Sniffen Now to just get compliance regimes such as PCI to remove the requirement.
alt, remove passwords. PCI requires your passwords are rotated. “Turns out, you don’t need them!”
+1 … Although it would be nice for a clueful password manager to remind me…
KeePass (and I'm sure others) lets you set an expiry date for user/pass entries.
We agree @cigital but are constrained by the cargo cult policies of many of our customers @perrymetzger
As I've said elsewhere, I treat audit reports that frequent rotation is important as a miner's canary...