Mastodon Feed: Post

Boosted by taral ("JP Sugarbroad"):
thomasbosboom@infosec.exchange ("Thomas Bosboom ✅") wrote:

Guess it can't hurt to broadcast this once more: The NCSC, NIST and Microsoft all recommend organisations do not force regular password expiry.

https://www.ncsc.gov.uk/blog-post/problems-forcing-regular-password-expiry

"Regular password expiry is a common requirement in many security policies. However, in the Password Guidance published in 2015, we explicitly advised against it. This article explains why we made this (for many) unexpected recommendation, and why we think it’s the right way forward."