Microsoft says mandatory password changing is “ancient and obsolete”:

And annoying too. And does very little to improve security.

We just need to get PCI to stop forcing that and everyone will be more better off.


I have never understood the PCI-DSS requirements to force users to change the password often.
Users just ended up with simplep@assword123
and the next password:

and so on lol

@dcid @selea too bad they don't take advantage of the work NIST did in 800-63B (Digital Identity Guidelines) in which they actually tackle the problem of passwords, and adapt it to more realistic recommendations... (i.e., doing away with rotations for one)



I am pretty sure that they will do it in the next release. It has not changed for a couple of years so it is due,

· · Web · 0 · 0 · 1
Sign in to participate in the conversation

A instance dedicated - but not limited - to people with an interest in the GNU+Linux ecosystem and/or general tech. Sysadmins to enthusiasts, creators to movielovers - Welcome!