I was driving limo and the CEO client (who I knew quite well, client-wise) spent the first 30 minutes of a trip on the phone insisting that his original password be restored, as the ‘system’ was insisting it be changed.
He told me he has to repeat this every 4 months…
It is and it’s actually not even recommended best practise to change passwords anymore precisely because of this. It hasn’t been considered best practise since I think around 2016-17 so businesses are really lagging.
If you get governmental contract work and pretty sure not resetting the passwords too often is actually now part of the security requirement but outside of that businesses just do what they think is best regardless of research.
I was driving limo and the CEO client (who I knew quite well, client-wise) spent the first 30 minutes of a trip on the phone insisting that his original password be restored, as the ‘system’ was insisting it be changed.
He told me he has to repeat this every 4 months…
To be fair, simply forcing users to create a new password every X weeks is bad security policy.
It is and it’s actually not even recommended best practise to change passwords anymore precisely because of this. It hasn’t been considered best practise since I think around 2016-17 so businesses are really lagging.
If you get governmental contract work and pretty sure not resetting the passwords too often is actually now part of the security requirement but outside of that businesses just do what they think is best regardless of research.