Comment by flerchin

Comment by flerchin 4 days ago

Last time I brought this to our cyber folks, they pointed out that PCI standards require password rotation. So it depends upon which auditors you care about more.

clwg 4 days ago

This requirement is in section 8.3.9 of the PCI DSS[0], and only applies to single-factor authentication implementations, two-factor auth removes this requirement.

[0] https://docs-prv.pcisecuritystandards.org/PCI%20DSS/Standard...

Reply View 11 replies

throwaway72046 4 days ago

Your broker/bank still needs to do it, unfortunately... someone please fix this :(
[0] https://www.finra.org/filing-reporting/entitlement/password-...

Reply View | 10 replies
- Mtinie 4 days ago
  
  > If the password length is 12 to 15 characters, it will be valid for 180 days
  > If the password length is 16 to 32 characters, it will be valid for 365 days
  Madness.
  
  Reply View | 8 replies
  
  lofties 4 days ago
  
  I'm a big fan of "should not include profanity, words of a vulgar nature". It's not unthinkable my password manager comes up with a chain of letters that at one point will include "fuck".
  
  Reply View | 7 replies
- dmoy 4 days ago
  
  What's the scope of that? Not consumer accounts I imagine? I haven't had to change my bank account passwords in over a decade.
  
  Reply View | 0 replies