alt Hacker NewsUnfortunately, not all guidelines have caught up. PCI-DSS still requires password changes every 90 days for anything in scope (the cardholder data environment, anything that might even remotely touch payment card data).
Unfortunately, not all guidelines have caught up. PCI-DSS still requires password changes every 90 days for anything in scope (the cardholder data environment, anything that might even remotely touch payment card data).
Not with MFA. Not for a while now. And regardless, the word(s) you are looking for is "compensating control".