this post was submitted on 27 Jul 2023
1419 points (98.4% liked)

Memes

45646 readers
1052 users here now

Rules:

  1. Be civil and nice.
  2. Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.

founded 5 years ago
MODERATORS
 
you are viewing a single comment's thread
view the rest of the comments
[–] abraxas@lemmy.ml 6 points 1 year ago

Not sure if you're in the US. But if you are, you should leave this anonymously on the security team's desks.

> Verifiers SHOULD NOT require memorized secrets to be changed arbitrarily (e.g., periodically). However, verifiers SHALL force a change if there is evidence of compromise of the authenticator. - NIST control SP 800-63B Section 5.1.1.2

Basically a fairly widespread standard of security. All kinda of complaince you can fall out of if you do business with anyone who cares about NIST controls.