This practice is not recommended anymore, yet still found in many enterprises.

  • slazer2au@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    4 months ago

    Only on accounts that have MFA is password rotation no longer recommended.

    If the account is non MFA protected password changes are still recommend.

    • Varyk@sh.itjust.works
      link
      fedilink
      arrow-up
      0
      ·
      4 months ago

      really? what’s the standard for that? like how often should you be rotating your password?

      I assumed many people forget their new passwords (because I often do) than are protected by continually rotating passwords.

      • slazer2au@lemmy.world
        link
        fedilink
        English
        arrow-up
        0
        ·
        4 months ago

        It’s one of the updated NIST recommendations, I don’t recall which one but it specifically calls out no password cycling for MFA protected accounts.