|
|
|
|
|
|
by m3047
1088 days ago
|
|
|
Yes, I suppose it is an exposure mitigation as well. Although if someone is having users change passwords every 30 days (or 30 seconds? whatever) due to exposure I have a lot of WTF questions. If passwords suffer from that much unavoidable exposure I'd be expecting automated systems (hello HOTP / TOTP) and OOB authenticators which are resistant or agnostic to that exposure. (ssa.gov generates printable one-time pads if you're masochistic enough to request one.) |
|
|