Microsoft says mandatory password changing is “ancient and obsolete”:

arstechnica.com/information-te

And annoying too. And does very little to improve security.

We just need to get PCI to stop forcing that and everyone will be more better off.

@dcid

I have never understood the PCI-DSS requirements to force users to change the password often.
Users just ended up with simplep@assword123
and the next password:
simplep@assword1234

and so on lol

@dcid @selea too bad they don't take advantage of the work NIST did in 800-63B (Digital Identity Guidelines) in which they actually tackle the problem of passwords, and adapt it to more realistic recommendations... (i.e., doing away with rotations for one)

@tony

I am pretty sure that they will do it in the next release. It has not changed for a couple of years so it is due,
@dcid
