this post was submitted on 09 Jun 2023

Security News

cyboracle@infosec.pub 1 points 1 year ago

I think it depends on the account. Forcing the typical unprivileged user to change their password frequently ends up creating bad passwords; MFA them instead. But for admin and high-privileged accounts that cannot, for whatever reason, be protected by MFA, or need MFA+password, I think rotating them with some frequency helps security. One of the MOs of many advanced attackers is to grab the passwords for later access, or they brute force to get those passwords. Changing will reduce the risk of stolen passwords being used on admin accounts. Obvs this is an org's own risk decision based on their data.