← Back to context

Comment by paxys

2 days ago

Industry-wide IT security is driven by the "nobody got fired for buying IBM" phenomenon.

It doesn't matter if things are broken. It matters that you did everything by the book. And the book in this case was written 30 years ago and is woefully inadequate. But try convincing your VP of information security that employees shouldn't have to change their password every 3 months...

1 comment

paxys

Reply
lxgr  2 days ago

At least for that one, you can now point to NIST recommendations, which finally discourage rotating passwords.