These are the same companies that don’t support second factors, only have their app as a second factor, or only SMS second factor. Is it too much to ask for smart card or token (yubikey) support?
These are the same companies that don’t support second factors, only have their app as a second factor, or only SMS second factor. Is it too much to ask for smart card or token (yubikey) support?
I think your missing the point. It doesn’t matter how good an individuals security practices are if the system itself has bad security architecture.
So in your post you refer to, for example, an admin at microsoft headquarters having to change his password, not the user of one of microsofts services being forced to change their password?
I am generally more annoyed at the second bit, the user having to change their password. Both are problems, but internal policies for changes are usually documented and communicated.
Having to change the services password is just a few buttons in the password manager, but it helps mitigating brute force attacks and limits the attackers access to the validity period of the password. So that’s very beneficial.
It doesn’t matter how good an individuals security is, its the system that’s a problem. Passwords are not often compromised through brute force. Password resets are a much more efficient entry method.
https://pages.nist.gov/800-63-FAQ/#q-b05