Hacker News

Joel_Mckay, yesterday at 5:34 PM (2 replies)

Mostly, it forces dead accounts off the system, as lay off notices are sent the day after.

It is mostly about ensuring some busy admin doesn't have to inventory every user permission.

Rotating domain logins form a similar function of booting inactive users.

2FA actually may make a system weaker, as people can MITM for $23 using a bogus telecom service and password reset. =3


Replies

dragonwriter, yesterday at 11:02 PM

> It is mostly about ensuring some busy admin doesn't have to inventory every user permission.

So, it's a bad authn practice that is maintained to mitigate the impacts of bad authz practices (you make authn less secure when people are intended to be authorized, in the hopes that when they aren't and you haven't cleaned up their permissions, the password expiration will cause authn failures so the fact that their authorization hasn't been revoked won't matter), instead of adopting good authn and authz practices?

MengerSponge, yesterday at 7:22 PM

SMS 2FA is harmful. Fortunately, other 2FA modalities are susceptible to that MITM attack