re: 10 best practices to protect your users’ data (and why they’re still not sufficient)


Requiring periodic rotations is another bit of conventional wisdom that makes sense until you remember that you're dealing with people. Password managers, minimum entropy requirements, and 2FA give a lot more bang for your buck overall; rotations can help in certain sensitive circumstances, but they're a bad general remedy. Most users already find password management painful, and asking them to do it all over from scratch every few months introduces all kinds of opportunities for doing it poorly.
