this post was submitted on 20 Aug 2024
600 points (98.9% liked)

Cybersecurity - Memes

1964 readers
2 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS
600
submitted 2 months ago* (last edited 2 months ago) by [email protected] to c/cybersecuritymemes
 

This practice is not recommended anymore, yet still found in many enterprises.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 42 points 2 months ago (2 children)

Isnt this just bad practice?

[–] fishpen0 60 points 2 months ago* (last edited 2 months ago) (1 children)

Yes. It’s such a bad practice the fucking White House released an official memo (M-22-09) telling people to stop doing it as part of executive order EO-14028 (federal zero trust strategy). It applies as a rule to all government and military entities and therefore has been carved out in exceptions for FedRAMP and other compliance frameworks. Stop forcing people to change their fucking passwords.

https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf

[–] [email protected] 2 points 2 months ago
[–] [email protected] 24 points 2 months ago (1 children)

Microsoft recommends against it since 2019. But apparently, it is still a thing.

[–] [email protected] 1 points 2 months ago

The company I work for requires annual password changes because it is stipulated by our Cybersecurity insurance provider.