by SturgeonsLaw
2139 days ago
This is super common, to the point where Microsoft used a similar password scheme as an example when talking about password spraying attacks at an RSA conference presentation: https://www.zdnet.com/article/microsoft-99-9-of-compromised-...

It's why I'm advocating within my organisation to get rid of password expiration and enforce 2FA for clients, but there's a lot of inertia to push against with some of them. At least uptake of 2FA is consistently increasing.

Scheduled password expiration weakens security by encouraging users to make predictable passwords, and by entrenching password resets as a routine and unscrutinized process.