alt Hacker NewsVery obvious, but things that seem obvious might not actually be true. It is worth verifying.
Getting organisations to act on the obvious if it requires changing is harder than you might think. Having research to point to and saying you are doing the wrong thing and now you've been told is like turning the lights on and off really quickly and moaning "Liability" in a spooky voice.
Fair enough. I had a hard time advocating for good password flows because "standards" said frequent rotation etc.
And tbh when you apply those standards with context and are faced with people bare-minimum pointing at the standards, you sometimes come off as less knowledgeable - such is the authority of research/standards.
Anyway, I skimmed your profile and learnt a new word, milquetoast - so thanks for that!