Isn't this just bad practice?
Yes. It’s such a bad practice the fucking White House released an official memo (M-22-09) telling people to stop doing it as part of executive order EO-14028 (federal zero trust strategy). It applies as a rule to all government and military entities and therefore has been carved out in exceptions for FedRAMP and other compliance frameworks. Stop forcing people to change their fucking passwords.
https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf
Ye this
Microsoft has recommended against it since 2019. But apparently, it is still a thing.
The company I work for requires annual password changes because it is stipulated by our cybersecurity insurance provider.