
mystraline, today at 4:20 PM

Most federal orgs still have 60 day password rotation requirements in place, even though NIST gave guidance almost 10 years ago not to do that.

What does that mean? Passwords are stored in text files accessible by admin only, and shared. And everyone is worse for it.


Replies

Joel_Mckay, today at 5:34 PM

Mostly, it forces dead accounts off the system, as layoff notices are sent the day after.

It is mostly about ensuring some busy admin doesn't have to inventory every user permission.

Rotating domain logins perform a similar function of booting inactive users.

2FA actually may make a system weaker, as people can MITM for $23 using a bogus telecom service and password reset. =3
