Ben Tasker
@bentasker
@HeartInternet
NCSC, for example, advise against forcing regular expiry -
https://www.ncsc.gov.uk/blog-post/problems-forcing-regular-password-expiry
- focus should be on implementing monitoring and other defences, rather than relying on something that offers little practical protection
21 Jan 2021 10:38
View on Twitter
2021 Archive