cyboracle

joined 1 year ago
cyboracle@infosec.pub 1 points 1 year ago

I think it depends on the account. Forcing the typical unprivileged user to change their password frequently ends up creating bad passwords; MFA them instead. But for admin and high-privileged accounts that cannot, for whatever reason, be protected by MFA or need MFA+password, I think rotating them with some frequency helps security. One of the MOs of many advanced attackers is to grab the passwords for later access, or they brute force to get those passwords. Changing will reduce the risk of stolen passwords being used on admin accounts. Obvs this is an org's own risk decision based on their data.

cyboracle@infosec.pub 2 points 1 year ago

Hey all! I've been in infosec for about 20 years, did some red teaming but have really found the fight in defense. I currently work in the public sector, did some threat hunting and am now specializing in post-compromise remediation and countermeasures.

cyboracle@infosec.pub 2 points 1 year ago

THANK YOU JERRY LESSTHANTHREE <3