NIST(National Institute of Standards and Technology) has changed the standard to longer Passwords for a longer period of time but there seems to be little adoption among companies. Why do you think that?

Governance, Risk, and Compliance, Security - Effort and cost of change in isolation. These should get implemented in next major upgrade of the solution.

2 comments

https://www.pulse.qa

Pulse User

Effort and cost of change in isolation. These should get implemented in next major upgrade of the solution.

Pulse User

The tooling isn’t ready. As we’ve embraced more multi factor authentication and control solutions more ways have presented themselves to enable longer expiring passwords too.