This practice is not recommended anymore, yet still found in many enterprises.

  • slazer2au
    link
    English
    23 months ago

    It’s one of the updated NIST recommendations, I don’t recall which one but it specifically calls out no password cycling for MFA protected accounts.