@jerry I hope that it still an okay idea. I think that there is merit in having a standard to drive for (i.e. 16+ characters, rotations, complexity, MFA, etc.). Hopefully this can better help us strive for a more secure goal.

@synture I think it’s a great idea and we should move to it. My problem is that security thought leaders are running around saying password expiration is a bad idea and that is all people hear, and so disable password expiration without implementing any of the other guidance.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.