600
submitted 3 months ago* (last edited 3 months ago) by cron@feddit.org to c/cybersecuritymemes@lemmy.world

This practice is not recommended anymore, yet still found in many enterprises.

you are viewing a single comment's thread
view the rest of the comments
[-] MimicJar@lemmy.world 8 points 3 months ago

Which certifications? NIST standards don't recommend regular rotations anymore.

[-] jj4211@lemmy.world 3 points 3 months ago

Nist guidelines used to recommend rotation, and our security team would quickly point to it when people complained.

So of course we jumped on that and security team said "well nist are just guidelines and we go for more stringent requirements"...

[-] DeviantOvary@lemmy.world 1 points 3 months ago

I would need to check (not in charge of it), but I do remember in the fat stack of guidelines we got there was the password policy of 90 days. However, the point still stands that some people have no digital hygiene and will write down and share their passwords in plain text for all to see even if we didn't enforce password expiry. Though in all honesty, there's no winning combination when so many don't truly give a shit about digital security. As long as they can flaunt a certificate.

this post was submitted on 20 Aug 2024
600 points (98.9% liked)

Cybersecurity - Memes

1893 readers
1 users here now

Only the hottest memes in Cybersecurity

founded 1 year ago
MODERATORS