this post was submitted on 06 Dec 2023

151 points (96.9% liked)

[Outdated, please look at pinned post] Casual Conversation

6466 readers

1 users here now

Share a story, ask a question, or start a conversation about (almost) anything you desire. Maybe you'll make some friends in the process.

RULES

Be respectful: no harassment, hate speech, bigotry, and/or trolling
Encourage conversation in your post
Avoid controversial topics such as politics or societal debates
Keep it clean and SFW: No illegal content or anything gross and inappropriate
No solicitation such as ads, promotional content, spam, surveys etc.
Respect privacy: Don’t ask for or share any personal information

Related discussion-focused communities

founded 1 year ago

MODERATORS

Mysterious_Macaxeira@lemmy.world

shinigamiookamiryuu@lemm.ee

Bl4ze@lemmy.world

KaneLivesInDeath@lemmy.world

orangeNgreen@lemmy.world

neidu2@feddit.nl

151

Any company that still insists on forced password resets and frequent changes needs to learn about Social Engineering and Human Factors. (yiffit.net)

submitted 10 months ago by l_b_i@yiffit.net to c/casualconversation@lemmy.world

61 comments fedilink hide all child comments

These are the same companies that don't support second factors, only have their app as a second factor, or only SMS second factor. Is it too much to ask for smart card or token (yubikey) support?

you are viewing a single comment's thread
view the rest of the comments

[–] Blaze@discuss.tchncs.de 6 points 10 months ago (1 children)

I'm glad that in my company they disabled the password rotation after having implemented 2FA

[–] l_b_i@yiffit.net 4 points 10 months ago

Mine went to once a year for most systems. There is probably an external requirement somewhere that says they need to be changed periodically and once a year is the lowest frequency they can do.