Comment on The inner fire of my hatred COULD melt steam beams
ozymandias117@lemmy.world 1 month agoNIST’s official password guidelines state you should not have password expiry unless there is evidence of a compromise
Comment on The inner fire of my hatred COULD melt steam beams
ozymandias117@lemmy.world 1 month agoNIST’s official password guidelines state you should not have password expiry unless there is evidence of a compromise
bitchkat@lemmy.world 1 month ago
And no one listens to that.
Newsteinleo@midwest.social 1 month ago
That’s because they only read 800-63B and skip the other three documents.
ozymandias117@lemmy.world 1 month ago
The majority of accounts I have don’t have an expiry
I wouldn’t trust personal data with anything that does - they certainly don’t have any security professionals on staff
bitchkat@lemmy.world 1 month ago
Every job I’ve had in the past 10 years makes us reset passwords periodically
ozymandias117@lemmy.world 1 month ago
10 years ago, that was believed to be best practice.
If they’re still doing it in the last 2-3 years, they don’t have anyone keeping up with modern security standards
At least it’s not your data
Newsteinleo@midwest.social 1 month ago
My last employer did not, life was so much better after the policy change. Although my director lost track of how long he had worked there because he stopped incrementing his password every three months.