Comment by flerchin
2 days ago
Last time I brought this to our cyber folks, they pointed out that PCI standards require password rotation. So it depends upon which auditors you care about more.
This requirement is in section 8.3.9 of the PCI DSS[0], and it only applies to single-factor authentication implementations; two-factor auth removes this requirement.
[0] https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard...
Your broker/bank still needs to do it, unfortunately... someone please fix this :(
[0] https://www.finra.org/filing-reporting/entitlement/password-...
> If the password length is 12 to 15 characters, it will be valid for 180 days
> If the password length is 16 to 32 characters, it will be valid for 365 days
Madness.
What's the scope of that? Not consumer accounts I imagine? I haven't had to change my bank account passwords in over a decade.